CVE-2026-40468
Heap buffer overflow in gawk
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below.
| CWE | CWE-190 |
| Vendor | gnu |
| Product | gawk |
| Published | Jul 13, 2026 |
| Last Updated | Jul 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for gnu gawk
Be the first to know when new unknown vulnerabilities affecting gnu gawk are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
GNU / gawk
0 ≤ 5.4.0
References
Credits
Michał Majchrowicz (AFINE) Marcin Wyczechowski (AFINE)