CVE-2026-38755

CVE-2026-38755CVE-2026-38755

Description

A heap overflow in the evalcommand() function (shell/ash.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.

Scoring

Last modified2026-07-15
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.