CVE-2026-40200 · HIGH 8.1 · EPSS p2.8%

Description

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.13% probability of exploitation · percentile 2.8% · 2026-06-19T12:03:05Z
Published: 2026-04-10
Last modified: 2026-04-27

Underlying weaknesses · 1

CWE-670

References

  1. https://musl.libc.org/releases.html
  2. https://www.openwall.com/lists/oss-security/2026/04/10/13
  3. http://www.openwall.com/lists/oss-security/2026/04/10/13

Type | Target | Confidence | Tier
Weakness | Always-Incorrect Control Flow Implementation (cwe-670) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-0861
  2. CVE-2026-27143
  3. CVE-2026-1484
  4. CVE-2026-5450
  5. CVE-2026-25260
  6. CVE-2026-1489

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.