EUVD-2026-20763

🗓️ 09 Apr 2026 00:31:58Reported by EUVDType

Zero-length system use data entry in Sleuth Kit ISO9660 parser triggers out-of-bounds reads and loops.

Reporter	Title	Published	Views	Family All 22
ATTACKERKB	CVE-2026-40026	8 Apr 202621:35	–	attackerkb
CBLMariner	CVE-2026-40026 affecting package sleuthkit for versions less than 4.12.1-2	14 Apr 202600:55	–	cbl_mariner
CNNVD	The Sleuth Kit 缓冲区错误漏洞	8 Apr 202600:00	–	cnnvd
CVE	CVE-2026-40026	8 Apr 202621:35	–	cve
Cvelist	CVE-2026-40026 Sleuth Kit ISO9660 SUSP Extension Reference Out-of-Bounds Read	8 Apr 202621:35	–	cvelist
Debian CVE	CVE-2026-40026	8 Apr 202621:35	–	debiancve
Microsoft CVE	Sleuth Kit ISO9660 SUSP Extension Reference Out-of-Bounds Read	10 Apr 202608:01	–	mscve
NVD	CVE-2026-40026	8 Apr 202622:16	–	nvd
OSV	DEBIAN-CVE-2026-40026	8 Apr 202622:16	–	osv
OSV	OESA-2026-1934 sleuthkit security update	17 Apr 202613:00	–	osv

[
  {
    "enisaIdVendor": [
      {
        "id": "3c459a05-befb-3e4a-a998-1825b5990237",
        "vendor": {
          "name": "sleuthkit"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "3c459a05-befb-3e4a-a998-1825b5990237",
        "product": {
          "name": "sleuthkit"
        },
        "product_version": ""
      },
      {
        "id": "7c901fd6-939b-3a36-ba8e-63da1364b7b6",
        "product": {
          "name": "sleuthkit"
        },
        "product_version": "0 ≤4.14.0"
      }
    ]
  }
]

Source	Link
github	www.github.com/sleuthkit/sleuthkit/pull/3445
github	www.github.com/sleuthkit/sleuthkit/commit/a95b0ac21733b059a517aaefa667a17e1bcbdee1
mobasi	www.mobasi.ai/sentinel
vulncheck	www.vulncheck.com/advisories/sleuth-kit-iso9660-susp-extension-reference-out-of-bounds-read
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-40026

09 Apr 2026 00:31Current

6Medium risk

Vulners AI Score6

CVSS 44.8

CVSS 3.14.4

EPSS0.00013