Description
A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary code execution, impacting the integrity and confidentiality of data.
Published: 2026-06-01
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow (CWE-121) was discovered in the rrdcached component of rrdtool: an oversized CREATE request received on the daemon's socket overwrites a fixed-size buffer on the stack. A local attacker who can connect to an rrdcached socket can crash the daemon (denial of service) or potentially execute arbitrary code with the privileges of the rrdcached process, compromising the integrity and confidentiality of the RRD data it manages.

Affected Systems

The vulnerability affects Red Hat Enterprise Linux releases 6 through 10 (the CPEs listed in the history below). Systems running any of these releases with the rrdtool package installed and the rrdcached daemon in use are at risk. Fixed package versions are not enumerated in the available data, so every installation on which rrdcached runs should be treated as potentially vulnerable until a corrected rrdtool package is applied.

Risk and Exploitability

The published CVSS v3.1 score of 7.8 (vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates high severity. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog, which suggests no known exploitation at the time of publication but does not rule out future risk. The attack vector is rated local: an adversary must already be able to connect to rrdcached, normally through its UNIX socket, which presupposes a local account or foothold on the host. Deployments that expose rrdcached on a TCP listener widen that prerequisite to any host that can reach the port. Exploitation consists of sending a malformed, oversized CREATE request; no user interaction is required. Any code execution runs with the privileges of the rrdcached process, so the flaw amounts to local privilege escalation when the daemon runs with more privileges than the connecting client, and to denial of service in every case.

Generated by OpenCVE AI on June 1, 2026 at 20:25 UTC.

Remediation

Vendor Workaround

Restrict access to the `rrdcached` UNIX socket using filesystem permissions and group ownership so that untrusted local users cannot connect. Avoid exposing `rrdcached` on TCP listeners unless strictly necessary, and protect any such listener with network access controls. Additionally, run the `rrdcached` daemon as an unprivileged user and group using the `-U` and `-G` options to limit the impact of a compromise. Put these settings in the daemon's persistent service configuration so that they are applied again whenever `rrdcached` is restarted or reloaded.


OpenCVE Recommended Actions

  • Restrict rrdcached socket access by setting file permissions and group ownership, limiting connections to trusted local users.
  • Do not expose rrdcached on TCP listeners unless necessary, and ensure any such listeners are protected by network access controls.
  • Run the rrdcached daemon as an unprivileged user and group using the -U and -G options to reduce the impact of a compromise.
  • Persist these settings in the service configuration so they remain in effect after any restart or reload of rrdcached.
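To make the workaround in the two lists above checkable, here is an added shell example (written for this page, not code from rrdtool, Red Hat or OpenCVE) that audits an rrdcached command line, for instance the ExecStart line of the service unit, against those settings. Beyond -U and -G it inspects three further flags documented in rrdcached(1): -s and -m, which set the group and mode of the UNIX sockets declared by the -l flags that follow them, and -P, which whitelists the commands accepted on those listeners. Because the flaw is in CREATE handling, a -P list that omits CREATE removes the vulnerable command from a socket's reachable surface; any client that relies on CREATE through the daemon would need that command kept. The socket paths, port and command list in the sample command lines are constructed for illustration.

```shell
#!/bin/sh
# rrdcached_audit.sh: check an rrdcached command line against the workaround
# above. Constructed example for this page, not code from rrdtool or OpenCVE.
# Flags inspected (all documented in rrdcached(1)):
#   -l addr   listener: unix:/path or /path for a UNIX socket, host:port for TCP
#   -s group  owning group of the UNIX sockets declared by the -l flags after it
#   -m mode   octal file mode of those UNIX sockets
#   -P cmds   comma-separated command whitelist for the -l flags after it
#   -U/-G     user/group the daemon drops to after start-up
# Every other rrdcached option is skipped.

# _allows_create: true if the -P setting in effect lets a client issue CREATE.
# No -P at all is rrdcached's default, which accepts every command.
_allows_create() {
  [ -z "$cmds" ] && return 0
  case ",$cmds," in *,CREATE,*) return 0 ;; esac
  return 1
}

# _check_listener ADDR: evaluate one -l address with the -s/-m/-P in effect.
_check_listener() {
  addr="$1"
  case "$addr" in
    unix:*|/*)
      # On Linux a client needs rw permission on the socket file to connect,
      # so -m/-s are the access control; without them anyone can send CREATE.
      if _allows_create && [ -z "$sock_mode" ] && [ -z "$sock_group" ]; then
        echo "WARN $addr: CREATE allowed and socket keeps default permissions (add -s/-m or -P)"
        findings=$((findings + 1))
      else
        case "$sock_mode" in
          ""|*0) ;;  # unset (group set via -s) or no permission bits for 'other'
          *) echo "WARN $addr: mode $sock_mode grants permission bits to 'other'"
             findings=$((findings + 1)) ;;
        esac
      fi ;;
    *)
      if _allows_create; then
        echo "HIGH $addr: TCP listener accepts CREATE from any host that can reach it"
        findings=$((findings + 1))
      else
        echo "INFO $addr: TCP listener without CREATE; still restrict it with network ACLs"
      fi ;;
  esac
}

# audit_rrdcached_opts "OPTIONS": print one finding per line and return their
# count as the exit status (0 means every check passed).
audit_rrdcached_opts() {
  findings=0; user=""; group=""; sock_group=""; sock_mode=""; cmds=""; listeners=0
  # shellcheck disable=SC2086  # intentional word splitting of the option string
  set -- $1
  while [ $# -gt 0 ]; do
    case "$1" in
      -U) user="$2"; shift ;;
      -G) group="$2"; shift ;;
      -s) sock_group="$2"; shift ;;
      -m) sock_mode="$2"; shift ;;
      -P) cmds=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]'); shift ;;
      -l) listeners=$((listeners + 1)); _check_listener "$2"; shift ;;
    esac
    shift
  done
  # Without any -l, rrdcached listens on its default UNIX socket, to which the
  # -s/-m/-P settings on the command line still apply.
  [ "$listeners" -gt 0 ] || _check_listener "unix:<default socket>"
  if [ -z "$user" ]; then
    echo "WARN no -U: daemon keeps the privileges of the user that started it"
    findings=$((findings + 1))
  fi
  if [ -z "$group" ]; then
    echo "WARN no -G: daemon keeps the group of the user that started it"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Constructed sample command lines (paths, port and command list are
# illustrative; 42217 is the default rrdcached TCP port).
WEAK_OPTS='-l unix:/var/run/rrdcached.sock -l 0.0.0.0:42217'
HARDENED_OPTS='-U rrdcached -G rrdcached -s rrdcached -m 0660 -P FLUSH,PENDING,UPDATE,STATS -l unix:/var/run/rrdcached.sock'

echo "== weak =="
audit_rrdcached_opts "$WEAK_OPTS" || echo "$? finding(s)"
echo "== hardened =="
audit_rrdcached_opts "$HARDENED_OPTS" && echo "no findings"
```

Run it as `sh rrdcached_audit.sh` to see both samples, or source it and pass `audit_rrdcached_opts` the option string of the running daemon (for example the output of `ps -o args= -C rrdcached` with the program name removed). The weak sample produces four findings: an unprotected UNIX socket, a TCP listener that accepts CREATE, and no -U/-G; the hardened one produces none.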

Generated by OpenCVE AI on June 1, 2026 at 20:25 UTC.


Advisories

No advisories yet.

History

Mon, 01 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary code execution, impacting the integrity and confidentiality of data.
Title Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-121
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Redhat Enterprise Linux
MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-01T17:47:30.927Z

Reserved: 2026-05-04T18:07:21.843Z

Link: CVE-2026-43958

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-01T19:16:47.970

Modified: 2026-06-01T19:16:47.970

Link: CVE-2026-43958

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T20:30:17Z

Weaknesses