CVE-2026-14685
HdrHistogram AbstractHistogram AbstractHistogram.java recordValueWithCount state issue
CVSS Score
3.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file src/main/java/org/HdrHistogram/AbstractHistogram.java of the component AbstractHistogram. Such manipulation of the argument Count leads to state issue. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
| CWE | CWE-371 |
| Vendor | n/a |
| Product | hdrhistogram |
| Published | Jul 4, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a hdrhistogram
Be the first to know when new low vulnerabilities affecting n/a hdrhistogram are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / HdrHistogram
2.2.0 2.2.1 2.2.2
References
vuldb.com: https://vuldb.com/vuln/376281 vuldb.com: https://vuldb.com/vuln/376281/cti vuldb.com: https://vuldb.com/cve/CVE-2026-14685 vuldb.com: https://vuldb.com/submit/846761 github.com: https://github.com/HdrHistogram/HdrHistogram/issues/221 github.com: https://github.com/HdrHistogram/HdrHistogram/
Credits
๐ sara11h (VulDB User) VulDB CNA Team