CVE-2026-48863 - Vulnerability Details - OpenCVE

A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Libsolv	Libsolv

No data.

No data.

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2026-48863
https://www.cve.org/CVERecord?id=CVE-2026-48863

History

Sat, 30 May 2026 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Libsolv Libsolv libsolv
Vendors & Products		Libsolv Libsolv libsolv

Wed, 27 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows.
Title		libsolv: Stack-based buffer overflow in libsolv EdDSA PGP signature verification allows denial of service
Weaknesses		CWE-121
References		https://nvd.nist.gov/vuln/detail/CVE-2026-48863 https://www.cve.org/CVERecord?id=CVE-2026-48863
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Important`

MITRE

No data.

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Important

Publid Date: 2026-05-26T18:53:04Z

Links: CVE-2026-48863 - Bugzilla

{"acknowledgement": "This issue was discovered by AISLE in partnership with Red Hat.", "bugzilla": {"description": "libsolv: Stack-based buffer overflow in libsolv EdDSA PGP signature verification allows denial of service", "id": "2460975", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460975"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-121", "details": ["A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-48863", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "libsolv", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libsolv", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libsolv", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libsolv", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Not affected", "package_name": "libsolv", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "satellite-capsule:el8/libsolv", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhui:4::el8", "fix_state": "Not affected", "package_name": "libsolv", "product_name": "Red Hat Update Infrastructure 4 for Cloud Providers"}], "public_date": "2026-05-26T18:53:04Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-48863\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-48863"], "statement": "This is an Important memory-safety flaw in libsolv's PGP verification component, which can be triggered by specially crafted Ed25519 signatures. The vulnerability allows for a stack-based buffer overflow, potentially leading to a denial of service in automated package or repository processing workflows when verifying attacker-controlled signed content or metadata. This vulnerability doesn't affect any support Red Hat products as the vulnerable function is only compiled when `ENABLE_PUBKEY` configuration is enabled during build time. Such configuration option is disabled when the `libsolv` package is built for Red Hat Enterprise Linux versions, thus the affected code is not present in the final distributed binary.", "threat_severity": "Important"}