PatchSiren cyber security CVE debrief
CVE-2026-5121 Redhat CVE debrief
CVE-2026-5121 is a high-severity libarchive flaw affecting zisofs block pointer allocation logic on 32-bit systems. A specially crafted ISO9660 image can trigger an integer overflow that may become a heap buffer overflow, so systems that process untrusted images should treat this as a priority patch item. The NVD record was published on 2026-03-30 and last modified on 2026-05-11, with Red Hat advisories and an upstream fix referenced in the record.
- Vendor: Redhat
- Product: CVE-2026-5121
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-30
- Original CVE updated: 2026-05-11
- Advisory published: 2026-03-30
- Advisory updated: 2026-05-11
Who should care
Administrators and developers who ship or consume libarchive, especially on 32-bit builds or on systems that parse ISO9660 images. This also matters for teams managing the Red Hat products listed in the NVD CPE data, including RHEL 6-10, OpenShift Container Platform 4.0, and hardened_images.
Technical summary
The supplied sources describe an integer overflow in libarchive's zisofs block pointer allocation logic on 32-bit systems. According to the CVE description, a remote attacker can exploit the issue by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow and potentially arbitrary code execution. NVD assigns CVSS v3.1 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps the issue to CWE-190.
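To make the CWE-190 pattern concrete, the following is an added illustration written for this debrief; it is not libarchive's code and not the upstream fix. It models a hypothetical zisofs-style block-pointer table size calculation as a 32-bit build would compute it (size_t modelled as 32 bits), showing the unchecked form beside a range-checked one; the header layout, the constant names and the 32 KiB to 128 KiB block-size bound are assumptions.

```c
#include <stdint.h>

/* Hypothetical zisofs-style header (constructed for this example; not
 * libarchive's own structure). zisofs stores the block size as a log2. */
struct zisofs_hdr {
    uint64_t uncompressed_size;   /* total uncompressed bytes from the header */
    unsigned log2_block_size;     /* block size = 1u << log2_block_size */
};

/* Models the arithmetic of a 32-bit build, where size_t is 32 bits wide. */
typedef uint32_t size32_t;
#define SIZE32_MAX UINT32_MAX

/* Vulnerable pattern (CWE-190): the block count is rounded up and the
 * pointer table size (nblocks + 1) * 4 is computed in 32-bit arithmetic
 * with no range check, so a large uncompressed_size wraps the result to a
 * tiny allocation while a later loop still fills nblocks + 1 entries. */
size32_t table_bytes_unchecked(const struct zisofs_hdr *h)
{
    size32_t bs = (size32_t)1 << h->log2_block_size;
    size32_t nblocks = (size32_t)((h->uncompressed_size + bs - 1) >> h->log2_block_size);
    return (nblocks + 1) * 4;     /* wraps once nblocks reaches 0x3FFFFFFF */
}

/* Hardened form: validate the exponent, compute the block count in 64-bit,
 * and check the count against the 32-bit limit before the multiply.
 * Returns 1 and sets *out on success, 0 when the header is out of range. */
int table_bytes_checked(const struct zisofs_hdr *h, size32_t *out)
{
    /* Assumption: zisofs block sizes are 32 KiB..128 KiB (log2 15..17). */
    if (h->log2_block_size < 15 || h->log2_block_size > 17)
        return 0;
    uint64_t bs = (uint64_t)1 << h->log2_block_size;
    if (h->uncompressed_size > UINT64_MAX - bs)           /* guard the +bs-1 */
        return 0;
    uint64_t nblocks = (h->uncompressed_size + bs - 1) >> h->log2_block_size;
    if (nblocks > (SIZE32_MAX / 4) - 1)                   /* (nblocks+1)*4 must fit */
        return 0;
    *out = (size32_t)((nblocks + 1) * 4);
    return 1;
}

/* Convenience wrapper: table size, or 0 if the header was rejected. */
size32_t table_bytes_or_zero(const struct zisofs_hdr *h)
{
    size32_t n = 0;
    return table_bytes_checked(h, &n) ? n : 0;
}

/* Constructed sample headers: a small image and one sized so that the
 * block count hits 0x3FFFFFFF, where the unchecked multiply wraps to 0. */
const struct zisofs_hdr kSmallHdr    = { 100000u, 15 };
const struct zisofs_hdr kOverflowHdr = { (uint64_t)0x3FFFFFFFu << 15, 15 };
```

With kOverflowHdr the unchecked version hands the allocator a size of 0, which is exactly the allocation-versus-write mismatch that turns CWE-190 into a heap overflow; the checked version rejects the header before allocating.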
Defensive priority
High. The flaw is remotely triggerable, requires no privileges or user interaction per the supplied CVSS vector, and affects parsing of attacker-controlled image content.
Recommended defensive actions
- Apply the vendor security updates referenced by the Red Hat advisories in the NVD record.
- Update or backport the upstream libarchive fix referenced by the linked project patch and ensure downstream packages include it.
- Inventory where libarchive is used, including embedded copies in application stacks, containers, and OS packages.
- Prioritize 32-bit deployments and builds, since the integer overflow is reported on 32-bit systems.
- Limit processing of untrusted ISO9660 images and restrict where externally supplied archive content can be opened or mounted.
- After patching, re-verify package versions and rerun your normal security validation checks for libarchive consumers.
Evidence notes
This debrief is based only on the supplied NVD record and its referenced Red Hat and project links. The record identifies libarchive as the affected component, cites CWE-190, and lists multiple Red Hat errata plus the upstream libarchive pull request as references. No public exploitation or KEV entry is included in the provided corpus.
Official resources
Publicly disclosed in the CVE/NVD record on 2026-03-30 and last modified on 2026-05-11. No Known Exploited Vulnerabilities entry is present in the supplied data.