CVE-2026-13573

EUVD-2026-40115
A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/llvm/llvm-project/
https://github.com/llvm/llvm-project/issues/199187
https://github.com/user-attachments/files/28141697/poc.zip
https://vuldb.com/cve/CVE-2026-13573
https://vuldb.com/submit/844457
https://vuldb.com/vuln/374581
https://vuldb.com/vuln/374581/cti