PatchSiren cyber security CVE debrief
CVE-2026-48864 Red Hat CVE debrief
A heap buffer overflow exists in libsolv, the dependency-solving library used by package managers such as dnf and zypper. The flaw is in the decompression of compressed data within `.solv` files: the routine does not sufficiently validate attacker-controlled input, so a crafted `.solv` file processed by a vulnerable application triggers out-of-bounds memory access. The CVE was published on May 26, 2026 with a HIGH CVSS 3.1 base score of 7.8. The attack vector is local and requires user interaction (an application has to load the crafted file), but successful exploitation can lead to information disclosure, control-flow alteration, or denial of service. The weakness is classified as CWE-787 (Out-of-bounds Write). Red Hat assigned the CVE and is tracking it through its security advisory and Bugzilla systems. No exploitation in the wild or use in ransomware campaigns has been reported.
- Vendor: Red Hat
- Product: Red Hat Enterprise Linux 10
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-26
- Original CVE updated: 2026-05-26
- Advisory published: 2026-05-26
- Advisory updated: 2026-05-26
Who should care
System administrators running libsolv-backed package managers (dnf via libdnf, zypper via libzypp), developers embedding libsolv for dependency resolution, security teams monitoring software-supply-chain tooling, and organizations running RPM-based distributions (the Red Hat/Fedora and SUSE families) where libsolv is a core component.
Technical summary
The vulnerability resides in libsolv's decompression routine for `.solv` files. Insufficient bounds checking on the compressed data lets a malformed file overflow a heap buffer during decompression. The CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) describes a local attack surface that requires user interaction, no privileges and low attack complexity; scope is unchanged, and successful exploitation has high confidentiality, integrity and availability impact. In practice the required interaction is a user or tool loading a crafted `.solv` file into a libsolv-based application.
Defensive priority
high
Recommended defensive actions
- Apply the libsolv security update from your distribution vendor as soon as it is available, and restart any long-running processes that still have the old library mapped
- Treat `.solv` files as untrusted input: only load files produced by your own tooling from repository metadata you trust, and do not open `.solv` files received from untrusted sources
- Run libsolv-based tooling under sandboxing (for example systemd service hardening or container isolation) to contain a successful exploit
- Monitor for crashes (SIGSEGV, SIGABRT) in applications that link libsolv, such as dnf, zypper and the libsolv command-line tools
- Review application logs for unexpected `.solv` file parsing or decompression errors
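The crash-monitoring recommendation above is easiest to operationalize against `coredumpctl`, which records the signal and executable for every core dump systemd-coredump captures. The following is an added example written for this debrief; it is not code from Red Hat or the libsolv project. It parses the `coredumpctl list --no-legend` column layout (TIME PID UID GID SIG COREFILE EXE SIZE) and flags memory-safety signals in binaries assumed to link libsolv. The consumer list and the sample lines are constructed for illustration; on a real host derive the list from `rpm -q --whatrequires libsolv` or `ldd`, and pipe live output in on stdin.

```python
"""Triage coredumpctl output for crashes in libsolv consumers.

Added example for this debrief; not code from Red Hat or the libsolv
project. It parses the `coredumpctl list --no-legend` column layout
(TIME PID UID GID SIG COREFILE EXE SIZE) and flags memory-safety signals
in binaries assumed to link libsolv. The consumer list is an assumption
for illustration; build the real one on each host from
`rpm -q --whatrequires libsolv` or `ldd` on the binaries you run.
"""
import sys
from dataclasses import dataclass

# Assumption: typical libsolv consumers on RPM-based systems. Python-based
# front ends (classic dnf) show up under the interpreter's path, not here.
LIBSOLV_CONSUMERS = {
    "/usr/bin/dnf5", "/usr/bin/microdnf", "/usr/bin/zypper",
    "/usr/bin/dumpsolv", "/usr/bin/mergesolv", "/usr/bin/testsolv",
    "/usr/bin/repo2solv", "/usr/bin/installcheck",
}
# Signals that indicate memory corruption or an abort from a hardening check.
MEMORY_SIGNALS = {"SIGSEGV", "SIGABRT", "SIGBUS"}

# Constructed sample in coredumpctl's layout; not real host data.
SAMPLE = """\
Mon 2026-05-26 09:58:01 UTC 2210 1000 1000 SIGSEGV present /usr/bin/firefox 88.4M
Mon 2026-05-26 10:12:33 UTC 12345 0 0 SIGSEGV present /usr/bin/zypper 1.2M
Mon 2026-05-26 10:13:07 UTC 12360 0 0 SIGABRT present /usr/bin/dumpsolv 312.1K
Mon 2026-05-26 10:20:44 UTC 12401 0 0 SIGTERM none /usr/bin/dnf5 -
"""


@dataclass(frozen=True)
class Crash:
    time: str
    pid: int
    signal: str
    exe: str


def parse_coredumpctl(text: str) -> list[Crash]:
    """Parse `coredumpctl list --no-legend` lines into Crash records.

    The TIME column contains spaces, so the fixed columns are taken from
    the right: PID UID GID SIG COREFILE EXE SIZE are the last seven tokens.
    """
    crashes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8:
            continue  # blank or truncated line
        time = " ".join(parts[:-7])
        pid, _uid, _gid, sig, _corefile, exe, _size = parts[-7:]
        if not pid.isdigit():
            continue  # not a record (e.g. a header line that slipped through)
        crashes.append(Crash(time=time, pid=int(pid), signal=sig, exe=exe))
    return crashes


def flag_libsolv_crashes(text: str,
                         consumers=frozenset(LIBSOLV_CONSUMERS)) -> list[Crash]:
    """Return crashes of known libsolv consumers that died on a memory signal."""
    return [c for c in parse_coredumpctl(text)
            if c.exe in consumers and c.signal in MEMORY_SIGNALS]


if __name__ == "__main__":
    # Live use: coredumpctl list --no-legend | python3 triage.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for crash in flag_libsolv_crashes(data):
        print(f"{crash.time} pid={crash.pid} {crash.signal} {crash.exe}: "
              "inspect with coredumpctl info and check what .solv data was loaded")
```

On the constructed sample only the zypper and dumpsolv entries are flagged: the firefox crash is outside the consumer list and the dnf5 SIGTERM is not a memory signal. One practical caveat: classic dnf is a Python program, so its crashes are recorded under the interpreter's path; matching on the executable alone misses them, and you would instead inspect the command line from `coredumpctl info` for the flagged PID.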
Evidence notes
CVE description confirms heap buffer overflow in libsolv during .solv file decompression. CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H supports local attack vector with high impact. Red Hat references indicate vendor acknowledgment. CWE-787 classification aligns with out-of-bounds write description. No KEV entry present.