CVE-2026-5358
PUBLISHED
The obsolete nis_local_principal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section. An attacker who spoofs a crafted response to a UDP request generated by this function could overwrite neighboring static data in the requesting application. NIS support is obsolete, has been deprecated in the GNU C Library since version 2.26, and is maintained only for legacy usage. Applications should port away from NIS to more modern identity and access management services.
Risk Scores
EPSS Score: 0.02% (4.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| The GNU C Library | glibc | 0 |
Timeline
- Apr 20, 2026 PoC Published
- Apr 21, 2026 EPSS Score
- Apr 21, 2026 Security Advisory
- Apr 22, 2026 CVE Rejected
- Apr 22, 2026 CVE Updated