PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-4046 The GNU C Library CVE debrief

The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them. Affected systems may experience crashes or instability. Users should verify the presence of these character sets and consider mitigation steps.

Vendor
The GNU C Library
Product
glibc
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-30
Original CVE updated
2026-07-14
Advisory published
2026-03-30
Advisory updated
2026-07-14

Who should care

Users of GNU C Library versions 2.43 and earlier should be aware of this vulnerability and take steps to mitigate it, especially if they use the IBM1390 or IBM1399 character sets. System administrators and security teams should review system configurations and apply necessary patches or mitigations.

Technical summary

The iconv() function in the GNU C Library versions 2.43 and earlier has a vulnerability that may cause a crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets. The Common Vulnerabilities and Exposures (CVE) score for this vulnerability is 7.5, indicating a high severity. The vulnerability can be mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them. Affected systems may require patches or updates to ensure stability.

Defensive priority

High

Recommended defensive actions

  • Inventory and verify the presence of GNU C Library versions 2.43 and earlier
  • Remove the IBM1390 and IBM1399 character sets from systems that do not need them
  • Monitor for and apply patches or updates from the vendor
  • Review system configurations for potential exposure
  • Verify system stability and perform testing
  • Track exceptions and retest remediated assets
  • Document evidence of mitigation and verification

Evidence notes

The CVE record was published on 2026-03-30T18:16:19.573Z and was last modified on 2026-07-14T13:18:57.707Z. The NVD entry is currently Modified. The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets. Evidence is limited to public CVE and NVD information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-30T18:16:19.573Z and has not been modified since then.