CVE-2026-41907
uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is provided
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
The `uuid` package creates RFC 9562 (formerly RFC 4122) UUIDs. Prior to 14.0.0, `v3`, `v5`, and `v6` accept an external output buffer (`buf`) but do not reject out-of-range writes, which occur when `buf` is too small or `offset` is too large. This allows silent partial writes into caller-provided buffers. The vulnerability is fixed in 14.0.0.
| CWE | CWE-823 CWE-787 |
| Vendor | uuidjs |
| Product | uuid |
| Published | Apr 24, 2026 |
Affected Versions
uuidjs / uuid
< 14.0.0
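
The silent partial write described above, and a caller-side range check for code that cannot yet move to 14.0.0, as an added example that is not the uuid package's own code. `uncheckedWrite` is a constructed stand-in for a writer with no bounds check, and `assertUuidRange` and `guardedWrite` are hypothetical helper names.

```javascript
// Constructed stand-in for a writer with no range validation (NOT the uuid
// package's source): copies 16 bytes into buf starting at offset.
function uncheckedWrite(bytes, buf, offset = 0) {
  for (let i = 0; i < 16; i++) {
    buf[offset + i] = bytes[i]; // typed arrays silently drop out-of-range stores
  }
  return buf;
}

const UUID_BYTES = 16;

// Hypothetical caller-side guard: reject any buf/offset pair that cannot hold
// a full 16-byte UUID before the generator is called.
function assertUuidRange(buf, offset = 0) {
  if (!(buf instanceof Uint8Array)) { // Node's Buffer is a Uint8Array subclass
    throw new TypeError('buf must be a Uint8Array or Buffer');
  }
  if (!Number.isInteger(offset) || offset < 0 || offset + UUID_BYTES > buf.length) {
    throw new RangeError(
      `UUID needs bytes ${offset}..${offset + UUID_BYTES - 1}, buffer length is ${buf.length}`
    );
  }
}

// Wraps any (bytes, buf, offset) writer so short buffers fail loudly.
function guardedWrite(writer, bytes, buf, offset = 0) {
  assertUuidRange(buf, offset);
  return writer(bytes, buf, offset);
}

// Constructed sample: 16 non-zero bytes so stored bytes can be counted.
const SAMPLE = Uint8Array.from({ length: 16 }, (_, i) => i + 1);

// Returns how many of the 16 bytes landed when no check is performed.
function partialWriteDemo() {
  const small = uncheckedWrite(SAMPLE, new Uint8Array(10), 0);
  const shifted = uncheckedWrite(SAMPLE, new Uint8Array(16), 12);
  const count = (b) => b.filter((x) => x !== 0).length;
  return { small: count(small), shifted: count(shifted) };
}

console.log(partialWriteDemo()); // { small: 10, shifted: 4 }
```

Neither unchecked call throws, so a caller that then reads 16 bytes from the target range gets a truncated or stale identifier without any error signal.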