CVE-2026-48864 - Vulnerability Details

- Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data

Description

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.

Published: 2026-05-26

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Libsolv contains a heap buffer overflow that triggers during decompression of data in .solv files. Insufficient validation allows outside‑of‑bounds writes, leading to memory corruption, which can expose data, alter program execution, or crash the application. The flaw is identified as CWE‑787 and is rated with a CVSS base score of 7.8, indicating high potential impact on affected systems.

Affected Systems

The vulnerability applies to several Red Hat families, including Red Hat Enterprise Linux versions 7 through 10, Red Hat OpenShift Container Platform 4, Red Hat Satellite 6, Red Hat Hardened Images, and Red Hat Update Infrastructure 4 for Cloud Providers. The specific product versions are not detailed in the advisory, so any current release remains potentially vulnerable until an official fix is issued.

Risk and Exploitability

With a CVSS score of 7.8, the flaw represents a significant risk. Exploitation would require an attacker to supply a malicious .solv file that the system processes; this could occur through package management, software updates, or supply‑chain compromise. The EPSS score is not available, and the issue is not yet listed in CISA’s KEV catalog, suggesting no confirmed widespread exploitation yet. Nonetheless, the potential for denial of service or data exposure warrants immediate attention.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Red Hat

Red Hat Hardened Images

affected

Version	Status	Constraints
`0.7.38-2.hum1`	unaffected	< *

Red Hat Red Hat Enterprise Linux 10 affected —

Red Hat Red Hat Enterprise Linux 7 affected —

Red Hat Red Hat Enterprise Linux 8 affected —

Red Hat Red Hat Enterprise Linux 9 affected —

Red Hat Red Hat OpenShift Container Platform 4 affected —

Red Hat Red Hat Satellite 6 affected —

Red Hat Red Hat Update Infrastructure 4 for Cloud Providers affected —

Configuration 1 [-]

OR	cpe:2.3:a:opensuse:libsolv:0.7.36:::::::*
	cpe:2.3:a:redhat:hardened_images:-:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::*
	cpe:2.3:a:redhat:satellite:6.0:::::::*
	cpe:2.3:a:redhat:update_infrastructure:4:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:10.0:::::::*

No data.

Vendor Product Confidence Versions

Redhat

Enterprise Linux

100%

Version	Status	Scheme	Platform
`—`	affected	—	—

Redhat

Hardened Images

83%

Version	Status	Scheme	Platform
`—`	affected	—	—

Redhat

Openshift Container Platform

86%

Version	Status	Scheme	Platform
`—`	affected	—	—

Redhat

Satellite

100%

Version	Status	Scheme	Platform
`—`	affected	—	—

Redhat

Update Infrastructure

100%

Version	Status	Scheme	Platform
`—`	affected	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

OpenCVE Recommended Actions

Review configuration settings to prevent automatic loading of .solv files from untrusted sources, ensuring only verified files are processed.
Enable file integrity monitoring to detect unexpected changes to libsolv binaries or associated archives, and alert when abnormal activity occurs.
Stay informed on Red Hat advisories and apply the vendor’s security update as soon as it becomes available.

Generated by OpenCVE AI on May 26, 2026 at 19:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00158.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://access.redhat.com/errata/RHSA-2026:21333
https://access.redhat.com/security/cve/CVE-2026-48864
https://bugzilla.redhat.com/show_bug.cgi?id=2460425
https://nvd.nist.gov/vuln/detail/CVE-2026-48864
https://www.cve.org/CVERecord?id=CVE-2026-48864

History

Thu, 28 May 2026 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Opensuse Opensuse libsolv
CPEs		cpe:2.3:a:opensuse:libsolv:0.7.36:::::::* cpe:2.3:a:redhat:hardened_images:-:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:satellite:6.0:::::::* cpe:2.3:a:redhat:update_infrastructure:4:::::::* cpe:2.3:o:redhat:enterprise_linux:10.0:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
Vendors & Products		Opensuse Opensuse libsolv

Thu, 28 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 28 May 2026 03:00:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2026:21333

Wed, 27 May 2026 10:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat hardened Images Redhat openshift Container Platform Redhat update Infrastructure
Vendors & Products		Redhat hardened Images Redhat openshift Container Platform Redhat update Infrastructure

Wed, 27 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2026-48864 https://www.cve.org/CVERecord?id=CVE-2026-48864
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 26 May 2026 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 26 May 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.
Title		Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data
First Time appeared		Redhat Redhat enterprise Linux Redhat hummingbird Redhat openshift Redhat rhui Redhat satellite
Weaknesses		CWE-787
CPEs		cpe:/a:redhat:hummingbird:1 cpe:/a:redhat:openshift:4 cpe:/a:redhat:rhui:4::el8 cpe:/a:redhat:satellite:6 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat hummingbird Redhat openshift Redhat rhui Redhat satellite
References		https://access.redhat.com/security/cve/CVE-2026-48864 https://bugzilla.redhat.com/show_bug.cgi?id=2460425
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

Subscriptions

Opensuse Libsolv

Redhat Enterprise Linux Hardened Images Hummingbird Openshift Openshift Container Platform Rhui Satellite Update Infrastructure

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-05-26T16:16:07.581Z

Updated: 2026-05-28T13:28:44.209Z

Reserved: 2026-05-25T20:59:30.306Z

Link: CVE-2026-48864

Vulnrichment

Updated: 2026-05-26T17:22:57.983Z

NVD

Status : Analyzed

Published: 2026-05-26T17:16:54.050

Modified: 2026-05-28T19:22:42.087

Link: CVE-2026-48864

Redhat

Severity : Moderate

Publid Date: 2026-05-26T16:07:55Z

Links: CVE-2026-48864 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-27T10:04:51Z

Weaknesses

CWE-787
Out-of-bounds Write

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object