Description
A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.
Published: 2026-04-22
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Code Execution
Action: Immediate Patch
AI Analysis

Impact

A heap-buffer-overflow flaw (CWE-122) exists in binutils when it processes a specially crafted XCOFF object file during the link stage: data derived from the malformed file is written beyond the end of a heap buffer. The advisory does not say which XCOFF structure triggers the overflow. If exploited, the attacker gains arbitrary code execution with the privileges of the user running the linker; an attempt that only corrupts the heap crashes the process, which is the denial-of-service outcome.

Affected Systems

Red Hat products affected include Red Hat Enterprise Linux 6, 7, 8, 9 and 10, Red Hat Hardened Images (the CPE list also names cpe:/a:redhat:hummingbird:1), and Red Hat OpenShift Container Platform 4. The affected binaries are the binutils packages shipped by these products; precise package names and fixed versions are not listed in the advisory.

Risk and Exploitability

The CVSS v3.1 score is 7.8 (High) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: the attack vector is local and no privileges are required, but user interaction is needed, because the victim must hand the malicious XCOFF file to the linker (for example by linking an untrusted object file or archive). EPSS is below 1% (Very Low), and the CVE is not in CISA's KEV catalog, which means no exploitation in the wild has been confirmed, not that a working exploit is impossible. The SSVC record states Exploitation: none, Automatable: no and Technical Impact: total. Because the outcome is arbitrary code execution as the linking user, the risk is significant for any build system, CI runner or packaging pipeline that links object files from untrusted sources.

Generated by OpenCVE AI on April 22, 2026 at 10:23 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.


OpenCVE Recommended Actions

  • Update binutils to the fixed package provided by Red Hat; on an RPM-based host, confirm the fix is present once the errata ships with: rpm -q --changelog binutils | grep CVE-2026-6846
  • If using a custom build, apply the upstream fix or rebuild from a binutils revision that contains it.
  • Until patched, do not link object files or archives from untrusted sources on sensitive hosts. Where such inputs are unavoidable, run the link step in a sandbox (container, VM or dedicated low-privilege build user) and reject XCOFF inputs outright if none of your targets need them; scanning a filesystem for "malicious XCOFF files" is not a meaningful control, since the file only does harm when a user feeds it to the linker.
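One way to act on the last point, and on the "links object files from an untrusted source" risk described under Risk and Exploitability, is to stop XCOFF inputs before they reach ld at all. The Python below is an added example for this page, not code from binutils, Red Hat or OpenCVE: it identifies XCOFF objects by magic number, applies a generic header-versus-file-size consistency check of the kind a CWE-122-resistant parser performs (this is an illustration of that bounds check, not a reproduction of the specific binutils defect, whose trigger the advisory does not describe), and sorts a set of constructed sample inputs into link or quarantine buckets. The XCOFF header offsets and sizes used here are taken from the AIX XCOFF format documentation and are an assumption of this example; every file content below is constructed.

```python
"""Pre-link triage for object files that might be crafted XCOFF inputs.

Added example for this advisory page; it is not code from binutils, Red Hat
or OpenCVE. It assumes the documented XCOFF layout: a big-endian magic of
0x01DF (XCOFF32, 20-byte file header, 40-byte section headers) or 0x01F7
(XCOFF64, 24-byte file header, 72-byte section headers), with f_nscns at
offset 2 and f_opthdr at offset 16 in both. All sample inputs are constructed.
"""
import struct
from typing import Dict, List

XCOFF32_MAGIC = 0x01DF
XCOFF64_MAGIC = 0x01F7
ELF_MAGIC = b"\x7fELF"

# (file header length, section header length) per XCOFF flavour (assumed layout)
XCOFF_LAYOUT = {"xcoff32": (20, 40), "xcoff64": (24, 72)}


def classify_object(data: bytes) -> str:
    """Return 'elf', 'xcoff32', 'xcoff64' or 'unknown' from the leading bytes."""
    if data.startswith(ELF_MAGIC):
        return "elf"
    if len(data) >= 2:
        magic = struct.unpack(">H", data[:2])[0]
        if magic == XCOFF32_MAGIC:
            return "xcoff32"
        if magic == XCOFF64_MAGIC:
            return "xcoff64"
    return "unknown"


def xcoff_header_consistent(data: bytes) -> bool:
    """Generic structural check: the section table the file header declares
    must fit inside the file. A header-declared count or size that exceeds the
    actual input is the classic precondition for a CWE-122 heap overflow in a
    parser that trusts it. This illustrates that bounds check; it is not a
    reproduction of the specific binutils defect."""
    kind = classify_object(data)
    if kind not in XCOFF_LAYOUT:
        return False
    hdr_len, scn_len = XCOFF_LAYOUT[kind]
    if len(data) < hdr_len:
        return False
    nscns = struct.unpack(">H", data[2:4])[0]    # f_nscns
    opthdr = struct.unpack(">H", data[16:18])[0]  # f_opthdr (aux header size)
    section_table_end = hdr_len + opthdr + nscns * scn_len
    return section_table_end <= len(data)


def triage(objects: Dict[str, bytes], allow_xcoff: bool = False) -> Dict[str, List[str]]:
    """Split candidate link inputs into 'link' and 'quarantine' buckets.

    Default policy: no XCOFF input reaches the linker at all, since most Linux
    build pipelines never need it. With allow_xcoff=True, XCOFF files are
    admitted only if their header passes the consistency check. Non-XCOFF
    inputs pass through; this helper only covers the file type in the advisory.
    """
    result: Dict[str, List[str]] = {"link": [], "quarantine": []}
    for name, data in objects.items():
        kind = classify_object(data)
        if kind in XCOFF_LAYOUT:
            if allow_xcoff and xcoff_header_consistent(data):
                result["link"].append(name)
            else:
                result["quarantine"].append(name)
        else:
            result["link"].append(name)
    return result


def _xcoff32(nscns: int, body: bytes) -> bytes:
    # f_magic, f_nscns, f_timdat, f_symptr, f_nsyms, f_opthdr, f_flags
    return struct.pack(">HHIIIHH", XCOFF32_MAGIC, nscns, 0, 0, 0, 0, 0) + body


def _xcoff64(nscns: int, body: bytes) -> bytes:
    # f_magic, f_nscns, f_timdat, f_symptr, f_opthdr, f_flags, f_nsyms
    return struct.pack(">HHIQHHI", XCOFF64_MAGIC, nscns, 0, 0, 0, 0, 0) + body


# Constructed sample inputs (not real object files): a minimal ELF magic,
# a well-formed XCOFF32 and XCOFF64 with one empty section header each, and
# a "crafted" XCOFF32 whose header claims 4096 sections but carries none.
SAMPLES: Dict[str, bytes] = {
    "prog.o": ELF_MAGIC + b"\x00" * 12,
    "good32.o": _xcoff32(1, b"\x00" * 40),
    "good64.o": _xcoff64(1, b"\x00" * 72),
    "crafted.o": _xcoff32(4096, b""),
}

if __name__ == "__main__":
    for policy in (False, True):
        print(f"allow_xcoff={policy}:", triage(SAMPLES, allow_xcoff=policy))
```

Run it as-is to see both policies applied to the samples; in a real pipeline, feed it the bytes of each candidate input before the ld invocation and only pass the "link" bucket on. The consistency check is deliberately cheap and conservative: it rejects anything whose declared section table overruns the file, which is exactly the class of input a trusting parser would copy into an undersized heap buffer.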



Advisories

No advisories yet.

History

Wed, 22 Apr 2026 16:30:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 12:15:00 +0000

Type: First Time appeared
Values Added: Iputils; Iputils iputils; Redhat hardened Images; Redhat openshift Container Platform
Type: Vendors & Products
Values Added: Iputils; Iputils iputils; Redhat hardened Images; Redhat openshift Container Platform
Type: References
Type: Metrics
Values Removed: threat_severity None
Values Added: threat_severity Important


Wed, 22 Apr 2026 09:00:00 +0000

Type: Description
Values Added: A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.
Type: Title
Values Added: Binutils: binutils: arbitrary code execution via malformed xcoff object file processing
Type: First Time appeared
Values Added: Redhat; Redhat enterprise Linux; Redhat hummingbird; Redhat openshift
Type: Weaknesses
Values Added: CWE-122
Type: CPEs
Values Added: cpe:/a:redhat:hummingbird:1; cpe:/a:redhat:openshift:4; cpe:/o:redhat:enterprise_linux:10; cpe:/o:redhat:enterprise_linux:6; cpe:/o:redhat:enterprise_linux:7; cpe:/o:redhat:enterprise_linux:8; cpe:/o:redhat:enterprise_linux:9
Type: Vendors & Products
Values Added: Redhat; Redhat enterprise Linux; Redhat hummingbird; Redhat openshift
Type: References
Type: Metrics
Values Added: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-22T16:36:17.629Z

Reserved: 2026-04-22T07:59:20.292Z

Link: CVE-2026-6846

Vulnrichment

Updated: 2026-04-22T15:30:24.254Z

NVD

Status: Received

Published: 2026-04-22T09:16:27.607

Modified: 2026-04-22T09:16:27.607

Link: CVE-2026-6846

Redhat

Severity : Important

Public Date: 2026-04-08T00:00:00Z

Links: CVE-2026-6846 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-22T11:43:45Z

Weaknesses