CVE-2026-40025

EUVD-2026-20761
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS disk image that triggers information disclosure or crashes when processed by any Sleuth Kit tool that parses APFS volumes.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
sleuthkitthe_sleuth_kit
𝑥
< 4.15.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/sleuthkit/sleuthkit/commit/8b9c9e7d493bd68624f3b1a3963edd45c3ff7611
https://github.com/sleuthkit/sleuthkit/pull/3444
https://mobasi.ai/sentinel
https://www.vulncheck.com/advisories/sleuth-kit-apfs-keybag-parser-out-of-bounds-read