CVE-2026-4046

HIGH 7.5

iconv crash due to assertion failure with untrusted input

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.

CWE	CWE-617
Vendor	the gnu c library
Product	glibc
Published	Mar 30, 2026
Last Updated	Mar 30, 2026

Stay Ahead of the Next One

Get instant alerts for the gnu c library glibc

Be the first to know when new high vulnerabilities affecting the gnu c library glibc are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

The GNU C Library / glibc

2.3.3 < *

References

NVD ↗ CVE.org ↗ EPSS Data ↗

sourceware.org: https://sourceware.org/bugzilla/show_bug.cgi?id=33980 sourceware.org: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD

Credits

Rocket Ma