PatchSiren cyber security CVE debrief
CVE-2026-4046 The GNU C Library CVE debrief
The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them. Affected systems may experience crashes or instability. Users should verify the presence of these character sets and consider mitigation steps.
- Vendor
- The GNU C Library
- Product
- glibc
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-30
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-03-30
- Advisory updated
- 2026-07-14
Who should care
Users of GNU C Library versions 2.43 and earlier should be aware of this vulnerability and take steps to mitigate it, especially if they use the IBM1390 or IBM1399 character sets. System administrators and security teams should review system configurations and apply necessary patches or mitigations.
Technical summary
The iconv() function in the GNU C Library versions 2.43 and earlier has a vulnerability that may cause a crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets. The Common Vulnerabilities and Exposures (CVE) score for this vulnerability is 7.5, indicating a high severity. The vulnerability can be mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them. Affected systems may require patches or updates to ensure stability.
Defensive priority
High
Recommended defensive actions
- Inventory and verify the presence of GNU C Library versions 2.43 and earlier
- Remove the IBM1390 and IBM1399 character sets from systems that do not need them
- Monitor for and apply patches or updates from the vendor
- Review system configurations for potential exposure
- Verify system stability and perform testing
- Track exceptions and retest remediated assets
- Document evidence of mitigation and verification
Evidence notes
The CVE record was published on 2026-03-30T18:16:19.573Z and was last modified on 2026-07-14T13:18:57.707Z. The NVD entry is currently Modified. The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets. Evidence is limited to public CVE and NVD information.
Official resources
-
CVE-2026-4046 CVE record
CVE.org
-
CVE-2026-4046 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
3ff69d7a-14f2-4f67-a097-88dee7810d18
-
Mitigation or vendor reference
3ff69d7a-14f2-4f67-a097-88dee7810d18 - Exploit, Issue Tracking, Patch
-
Mitigation or vendor reference
3ff69d7a-14f2-4f67-a097-88dee7810d18 - Third Party Advisory
-
Source reference
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-30T18:16:19.573Z and has not been modified since then.