CVE-2026-0861
Published: 14 January 2026
Summary
CVE-2026-0861 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Gnu Glibc. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the integer overflow vulnerability in glibc memalign functions by requiring timely application of vendor patches from GLIBC-SA-2026-0001.
Identifies systems with vulnerable glibc versions 2.30-2.42 through vulnerability scanning, enabling proactive flaw remediation for this CVE.
Provides memory safeguards such as ASLR and DEP to mitigate exploitation of heap corruption resulting from the integer overflow in memalign functions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local integer overflow in glibc memalign APIs enables heap corruption and potential arbitrary code execution/privilege escalation when attacker-controlled size/alignment args are supplied (directly matching T1068).
NVD Description
Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the…
more
attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.
Deeper analysisAI
CVE-2026-0861 is an integer overflow vulnerability (CWE-190) in the memalign suite of functions—specifically memalign, posix_memalign, and aligned_alloc—within the GNU C Library (glibc) versions 2.30 through 2.42. Passing an excessively large alignment value alongside a size near PTRDIFF_MAX triggers the overflow, resulting in heap corruption. The vulnerable alignment inputs are constrained to narrow ranges: [1<<62 + 1, 1<<63] for memalign and exactly 1<<63 for posix_memalign and aligned_alloc.
Exploitation requires an attacker to control both the size and alignment arguments passed to these functions. With a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), a local attacker needs no privileges and can achieve high impacts on confidentiality, integrity, and availability, potentially enabling heap-based exploits like arbitrary code execution. However, alignments are typically fixed values (e.g., page or block sizes) not under attacker control, making direct exploitation uncommon without a separate application bug, such as another overflow propagating invalid inputs.
Advisories and patches are detailed in the glibc security advisory GLIBC-SA-2026-0001 (https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001), the upstream Bugzilla tracker (https://sourceware.org/bugzilla/show_bug.cgi?id=33796), and oss-security mailing list discussions (http://www.openwall.com/lists/oss-security/2026/01/16/5).
Details
- CWE(s)