CVE-2026-27171 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	2.9 LOW	LOCAL	HIGH	NONE	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
mitre	CNA	2.9 LOW	LOCAL	HIGH	NONE	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
zlib	zlib	𝑥 < 1.3.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

zlib

bookworm	no-dsa
bullseye	postponed
bullseye (security)	vulnerable
forky	vulnerable
sid	vulnerable
trixie	no-dsa

Known Exploits!

https://github.com/madler/zlib/issues/904

Common Weakness Enumeration

CWE-1284 - Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

Vulnerability Media Exposure

[GERMAN] zlib: Schwachstelle ermöglicht Denial of Service
Ein lokaler Angreifer kann eine Schwachstelle in zlib ausnutzen, um einen Denial of Service Angriff durchzuführen.
Published: 2026-02-17T23:00:00+00:00

References

https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/

https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf

https://github.com/madler/zlib/issues/904

https://github.com/madler/zlib/releases/tag/v1.3.2

https://ostif.org/zlib-audit-complete/

https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf