🔐 CVE Alert

CVE-2026-40468

UNKNOWN 0.0

Heap buffer overflow in gawk

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below.

CWE CWE-190
Vendor gnu
Product gawk
Published Jul 13, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for gnu gawk

Be the first to know when new unknown vulnerabilities affecting gnu gawk are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

GNU / gawk
0 ≤ 5.4.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗
cgit.git.savannah.gnu.org: https://cgit.git.savannah.gnu.org/cgit/gawk.git/commit/?id=062f2f2581b991362c046f7f2e238ffa34e6f8c7 cert.pl: https://cert.pl/en/posts/2026/07/CVE-2026-40467

Credits

Michał Majchrowicz (AFINE) Marcin Wyczechowski (AFINE)