MEDIUM
Uncrustify
CVE published 2026-05-21
CVE-2026-36189
CVE-2026-36189 describes a buffer overflow in the Uncrustify project that can let a local attacker trigger a denial of service in the uncrustify executable path. The issue is identified in check_template.cpp, including the check_template and tokenize_cleanup functions, and the supplied record says it is fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc. NVD assigns CVSS 3.1 AV:L/AC:L/PR:N/UI:N/S:U/ [truncated]