CVE-2026-4426 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 40%

Affected Products (NVD)

Vendor	Product	Version
libarchive	libarchive	-
redhat	hardened_images	-
redhat	openshift_container_platform	4.0
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
redhat	enterprise_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libarchive

bookworm	postponed
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	3.4.3-2+deb11u4 fixed
forky	3.8.7-1 fixed
sid	3.8.7-1 fixed
trixie	postponed

Ubuntu Releases

Ubuntu Product

Codename

libarchive

bionic	deferred
focal	deferred
jammy	deferred
noble	deferred
questing	deferred
resolute	deferred
trusty	deferred
xenial	deferred

Common Weakness Enumeration

CWE-1335 - Incorrect Bitwise Shift of Integer
An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected or indeterminate result.

Vulnerability Media Exposure

[GERMAN] libarchive: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen und DoS
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in libarchive ausnutzen, um Informationen offenzulegen und um einen Denial-of-Service-Zustand zu erzeugen.
Published: 2026-03-19T23:00:00+00:00

References

https://access.redhat.com/errata/RHSA-2026:8944

https://access.redhat.com/security/cve/CVE-2026-4426

https://bugzilla.redhat.com/show_bug.cgi?id=2449010

https://github.com/libarchive/libarchive/pull/2897