Cyber Resilience

CVE-2026-22184

Severity: Medium · Public PoC · Updated

Published: 07 January 2026
Modified: 30 June 2026
KEV Added: not listed
Patch: (none recorded)
CVSS Score (v4.0): 4.6
CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0021 (11.2th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-22184 is a medium-severity Out-of-bounds Write (CWE-787) vulnerability in zlib (vendor: Zlib). Its CVSS v4.0 base score is 4.6 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 11.2th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-22184 is a global buffer overflow vulnerability (CWE-787) affecting zlib versions up to and including 1.3.1.2. The issue resides in the standalone demonstration utility untgz, located under contrib/untgz, and does not impact the core zlib compression library. It manifests as an out-of-bounds write in a fixed-size global buffer when the untgz command is executed with an excessively long archive name provided via the command line. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-01-07.

A local attacker with low privileges can exploit this vulnerability by running the untgz utility with a crafted, overly long archive filename as its command-line argument. Successful exploitation has high-impact confidentiality, integrity, and availability consequences, potentially enabling arbitrary code execution, data corruption, or denial of service on the affected system, with low attack complexity and no user interaction required.

Advisories and references, including the zlib GitHub repository, Full Disclosure mailing list, VulnCheck advisory, zlib.net, and GitHub issue #1142, provide details on the flaw and associated patches or workarounds for mitigation.

Vulnerability details

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.
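As an added illustration of the bug class described above (this is not the untgz source and not code from the zlib project), a constructed program shows an unbounded copy of an argv string into a fixed-size global buffer beside a bounds-checked replacement that rejects over-long names instead of writing past the buffer. The 64-byte buffer size, the function names and the reject-rather-than-truncate policy are assumptions made for the example.

```c
/* Constructed illustration of CWE-787 in a fixed-size global buffer.
 * NOT the untgz source from zlib/contrib; the buffer size, limit and
 * function names are assumptions chosen for this example. */
#include <stdio.h>
#include <string.h>
#define NAME_BUF_SIZE 64                 /* assumed size of the global buffer */
static char archive_name[NAME_BUF_SIZE]; /* fixed-size global buffer */

/* Vulnerable pattern: unbounded copy of argv-derived data. Any name of
 * NAME_BUF_SIZE bytes or more writes past the end of archive_name into
 * whatever the linker placed after it. Kept only for comparison. */
void set_archive_name_unchecked(const char *name)
{
    strcpy(archive_name, name);
}

/* Hardened form: measure the input with a bounded scan and refuse names that
 * do not fit rather than truncating them (a silently truncated name could
 * make the tool open a different file than the one the user named).
 * Returns 0 on success, -1 if the name is empty or too long. */
int set_archive_name_checked(const char *name)
{
    size_t len = 0;
    while (len < NAME_BUF_SIZE && name[len] != '\0') len++;
    if (len == 0 || len >= NAME_BUF_SIZE)   /* must leave room for '\0' */
        return -1;
    memcpy(archive_name, name, len + 1);    /* len + 1 copies the '\0' too */
    return 0;
}

/* Accessor so callers (and tests) can inspect what was stored. */
const char *get_archive_name(void)
{
    return archive_name;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s archive.tgz\n", argv[0]);
        return 2;
    }
    if (set_archive_name_checked(argv[1]) != 0) {
        fprintf(stderr, "archive name rejected: must be 1..%d bytes\n",
                NAME_BUF_SIZE - 1);
        return 1;
    }
    printf("would open %s\n", get_archive_name());
    return 0;
}
```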

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The local buffer overflow in the untgz utility can enable arbitrary code execution via a crafted CLI argument, which maps to exploitation for privilege escalation on the host.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2016-20044 (shared CWE-787)
CVE-2026-23326 (shared CWE-787)
CVE-2024-43077 (shared CWE-787)
CVE-2024-53697 (shared CWE-787)
CVE-2025-20890 (shared CWE-787)
CVE-2026-23073 (shared CWE-787)
CVE-2025-20708 (shared CWE-787)
CVE-2025-1471 (shared CWE-787)
CVE-2024-35273 (shared CWE-787)
CVE-2022-49062 (shared CWE-787)

Affected Assets

Vendor: zlib
Product: zlib
Versions: ≤ 1.3.1.2

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent · SI-2 (Flaw Remediation): directly remediates the known buffer overflow flaw in the untgz utility by requiring timely patching of vulnerable zlib versions.

Prevent · CM-7 (Least Functionality): prevents exposure to the vulnerability by disabling or removing non-essential demonstration utilities like untgz that are not required for core zlib functionality.

Prevent: provides memory protection mechanisms such as ASLR and stack canaries that make successful exploitation of the buffer overflow for code execution or corruption harder.

References