CVE Alert

CVE-2026-40025

MEDIUM 4.4

Sleuth Kit APFS Keybag Parser Out-of-Bounds Read

CVSS Score
4.4
EPSS Score
0.0%
EPSS Percentile
2nd

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS disk image that triggers information disclosure or crashes when processed by any Sleuth Kit tool that parses APFS volumes.
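The defect class described above (CWE-125: a parser trusts a length field from the image and reads that many bytes without checking the remaining buffer) is easiest to see against a parser that does the check. The example below is added here and is not Sleuth Kit code; the "keybag" layout it parses is a constructed simplification (a 2-byte little-endian length followed by that many bytes of wrapped-key data) and not the real APFS keybag format. It shows the comparison against the remaining byte count that turns a heap over-read into a clean parse error.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, simplified "keybag" layout for illustration only (NOT the
 * real APFS keybag format): a sequence of entries, each a 2-byte
 * little-endian length followed by that many bytes of wrapped-key data. */

#define PARSE_TRUNCATED (-1)

/* Walk the entries, checking before every read that the declared length
 * fits in the bytes that remain. Returns the number of entries parsed, or
 * PARSE_TRUNCATED if a length field would carry the cursor past buf + len.
 * The defect class on this page is a parser that advances by klen and reads
 * the entry without the `klen > len - pos` comparison below. */
long parse_wrapped_keys(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    long entries = 0;
    unsigned checksum = 0;   /* stands in for actually consuming the key bytes */

    while (pos < len) {
        /* The 2-byte length header must itself lie inside the buffer. */
        if (len - pos < 2)
            return PARSE_TRUNCATED;
        uint16_t klen = (uint16_t)(buf[pos] | (buf[pos + 1] << 8));
        pos += 2;

        /* Bounds check on the attacker-controlled length: compare against
         * the remaining byte count rather than computing pos + klen, so the
         * check cannot be defeated by size arithmetic wrap-around. */
        if (klen > len - pos)
            return PARSE_TRUNCATED;

        /* buf[pos .. pos + klen) is now known to lie inside the allocation. */
        for (size_t i = 0; i < klen; i++)
            checksum += buf[pos + i];
        pos += klen;
        entries++;
    }
    (void)checksum;
    return entries;
}

/* Constructed sample blobs (hypothetical test data, not from any image). */
const uint8_t good_blob[] = {
    0x03, 0x00, 0xaa, 0xbb, 0xcc,   /* entry 1: length 3 */
    0x01, 0x00, 0xdd                /* entry 2: length 1 */
};
const uint8_t bad_blob[] = {
    0x03, 0x00, 0xaa, 0xbb, 0xcc,   /* entry 1: length 3 */
    0xff, 0x7f, 0xdd                /* entry 2: claims 32767 bytes, only 1 present */
};
const uint8_t header_cut_blob[] = {
    0x01, 0x00, 0xdd, 0x02          /* trailing lone byte: length header cut off */
};

int main(void)
{
    printf("good_blob: %ld entries\n",
           parse_wrapped_keys(good_blob, sizeof good_blob));
    printf("bad_blob: %ld (expected PARSE_TRUNCATED)\n",
           parse_wrapped_keys(bad_blob, sizeof bad_blob));
    printf("header_cut_blob: %ld (expected PARSE_TRUNCATED)\n",
           parse_wrapped_keys(header_cut_blob, sizeof header_cut_blob));
    return 0;
}
```

The second blob is the shape of input the advisory describes: a plausible first entry followed by a length that points far beyond the end of the allocation. A parser without the remaining-bytes check would read up to 32767 bytes of adjacent heap; this one reports a truncated structure instead. Running forensic tools on untrusted images under AddressSanitizer is the practical way to surface parsers that still lack such a check.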

CWE CWE-125
Vendor sleuthkit
Product sleuthkit
Published Apr 8, 2026
Last Updated Apr 9, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low

Affected Versions

sleuthkit / sleuthkit
0 ≤ version ≤ 4.14.0

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/sleuthkit/sleuthkit/pull/3444
github.com: https://github.com/sleuthkit/sleuthkit/commit/8b9c9e7d493bd68624f3b1a3963edd45c3ff7611
mobasi.ai: https://mobasi.ai/sentinel
vulncheck.com: https://www.vulncheck.com/advisories/sleuth-kit-apfs-keybag-parser-out-of-bounds-read

Credits

Mobasi Security Team