Vulnerabilities ›

CVE-2026-9149

Medium

CWE-122 — Weakness Type

                    Published: May 21, 2026                      ·  Modified: May 21, 2026                      ·  Source: NVD                

CVSS v3

6.5

🔗 NVD Official

📄 Description (English)

A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).

🤖 AI Executive Summary

A heap buffer overflow vulnerability in libsolv allows attackers to cause denial of service by processing specially crafted .solv files with negative size values. The flaw occurs in the repo_add_solv function due to improper memory allocation validation.

📄 Description (Arabic)

تم اكتشاف ثغرة تجاوز المخزن المؤقت في مكتبة libsolv عند معالجة ملفات .solv المصممة بشكل خاص تحتوي على قيم حجم سالبة. يؤدي هذا إلى تخصيص ذاكرة أقل من المطلوب وكتابة خارج الحدود المسموحة. يمكن للمهاجمين استغلال هذه الثغرة لإحداث هجمات حرمان الخدمة.

🤖 ملخص تنفيذي (AI)

A heap buffer overflow in libsolv enables attackers to trigger denial of service attacks using malicious .solv files containing negative size values. The vulnerability stems from inadequate validation in the repo_add_solv function leading to undersized memory allocation.

🤖 AI Intelligence Analysis Analyzed: May 21, 2026 10:01

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government telecom energy

🎯 MITRE ATT&CK Techniques

T1190 T1499

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Update libsolv to the latest patched version immediately. Implement input validation to reject .solv files with negative size values. Restrict processing of .solv files from untrusted sources and monitor system logs for exploitation attempts.

🔧 خطوات المعالجة (العربية)

قم بتحديث libsolv إلى أحدث إصدار معدل فوراً. طبق التحقق من صحة المدخلات لرفض ملفات .solv التي تحتوي على قيم حجم سالبة. قيد معالجة ملفات .solv من مصادر غير موثوقة وراقب سجلات النظام لمحاولات الاستغلال.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.RA-1 PR.IP-1

🟡 ISO 27001:2022

27001:A.12.6.1 27001:A.14.2.1

🔗 References & Sources 3

🔗

https://access.redhat.com/security/cve/CVE-2026-9149

secalert@redhat.com

🔗

https://bugzilla.redhat.com/show_bug.cgi?id=2460380

secalert@redhat.com

🔗

https://github.com/openSUSE/libsolv/pull/617

secalert@redhat.com

📊 CVSS Score

6.5

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionR — Required

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity Medium

CVSS Score6.5

CWECWE-122

EPSS0.06%

Exploit No

Patch ✗ No

Published 2026-05-21

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-122

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-9149

Introduce Yourself

Sign In Required