PatchSiren cyber security CVE debrief
CVE-2026-53689 sahlberg CVE debrief
CVE-2026-53689 is a HIGH severity vulnerability in libnfs through 6.0.2 before 55c18ea. The vulnerability occurs due to an integer overflow during a connection to a crafted NFS server. This happens in libnfs_zdr_string in lib/libnfs-zdr.c. The CVSS score for this vulnerability is 7.1.
- Vendor: sahlberg
- Product: libnfs
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-10
Who should care
Users of libnfs through 6.0.2 before 55c18ea should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by a lack of validation of a string size in libnfs, leading to an integer overflow. This occurs in the libnfs_zdr_string function in lib/libnfs-zdr.c.
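The kind of size validation the summary says was missing, as an added example that is not libnfs code and not the upstream patch: a decoder for an XDR string (4-byte big-endian length, then data padded to a 4-byte boundary) that bounds the length before doing any arithmetic with it. The names `xdr_cursor` and `xdr_get_string` and the sample bytes are hypothetical; the exact arithmetic in `libnfs_zdr_string` is not shown on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical read cursor over a reply buffer received from the server. */
struct xdr_cursor { const uint8_t *buf; size_t len, pos; };

/* Decode one XDR string into a freshly allocated NUL-terminated copy.
 * max_len is the caller's limit for this field. Returns 0, or -1 on bad input. */
int xdr_get_string(struct xdr_cursor *c, char **out, uint32_t max_len)
{
    if (c->pos > c->len || c->len - c->pos < 4)
        return -1;
    const uint8_t *p = c->buf + c->pos;
    uint32_t n = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    size_t remaining = c->len - c->pos - 4;

    /* Bound n against the field limit and the bytes actually present
     * before computing n + 1 or the padded size, so neither can wrap. */
    if (n > max_len || n > remaining)
        return -1;
    size_t padded = ((size_t)n + 3) & ~(size_t)3;
    if (padded > remaining)
        return -1;

    char *s = malloc((size_t)n + 1);
    if (s == NULL)
        return -1;
    memcpy(s, p + 4, n);
    s[n] = '\0';
    c->pos += 4 + padded;   /* consume length word, data and padding */
    *out = s;
    return 0;
}

int main(void)
{
    /* Constructed reply: length word 0xFFFFFFFF followed by only 4 bytes. */
    const uint8_t bad[] = { 0xff, 0xff, 0xff, 0xff, 'A', 'A', 'A', 'A' };
    struct xdr_cursor c = { bad, sizeof bad, 0 };
    char *s = NULL;
    int rc = xdr_get_string(&c, &s, 1024);
    printf("oversized length rejected: %s\n", rc == -1 ? "yes" : "no");
    return rc == -1 ? 0 : 1;
}
```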
Defensive priority
HIGH
Recommended defensive actions
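- Update libnfs to a build that includes commit 55c18ea, or apply patch 55c18ea. The affected range is libnfs through 6.0.2 before 55c18ea, so running 6.0.2 is not by itself sufficient.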
Evidence notes
The CVE record for CVE-2026-53689 was published on 2026-06-10T15:16:42.350Z and last modified on 2026-06-10T20:22:55.220Z. The vulnerability has a CVSS score of 7.1 and is classified as HIGH severity.
Official resources
- CVE-2026-53689 CVE record (CVE.org)
- CVE-2026-53689 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2026-53689 was published on 2026-06-10T15:16:42.350Z.