CVE-2026-24811

EUVD-2026-4830
Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inffast.C.

This issue affects root.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
rootroot
𝑥
≤ 6.34.08
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/root-project/root/pull/18526
https://root.cern/blog/recent-common-vulnerabilities-when-does-ROOT-need-to-be-updated/