CVE-2026-22184
Published: 07 January 2026
Summary
CVE-2026-22184 is a medium-severity Out-of-bounds Write (CWE-787) vulnerability in zlib (vendor: Zlib, product: Zlib). Its CVSS base score is 4.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 11.2 percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-22184 is a global buffer overflow vulnerability (CWE-787) affecting zlib versions up to and including 1.3.1.2. The issue resides in the standalone demonstration utility untgz, located under contrib/untgz, and does not impact the core zlib compression library. It manifests as an out-of-bounds write in a fixed-size global buffer when the untgz command is executed with an excessively long archive name provided via the command line. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-01-07.
A local attacker with low privileges can exploit this vulnerability by running the untgz utility against a maliciously crafted command-line argument with an overly long archive filename. Successful exploitation leads to high-impact confidentiality, integrity, and availability consequences, potentially enabling arbitrary code execution, data corruption, or denial of service on the affected system, with low attack complexity and no user interaction required.
Advisories and references, including the zlib GitHub repository, Full Disclosure mailing list, VulnCheck advisory, zlib.net, and GitHub issue #1142, provide details on the flaw and associated patches or workarounds for mitigation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-1173
Vulnerability details
zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.
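As an added illustration that is not the untgz source or any zlib project code: the defect class the advisory describes, an unbounded copy of a command-line argument into a fixed-size global buffer, shown beside a hardened form that measures the input first and rejects anything that would not fit. The buffer size (64 bytes), the function names and the sample archive names are constructed assumptions for the example.

```c
/* Added illustration of the defect class described above (CWE-787, an
 * unbounded copy into a fixed-size global buffer). This is constructed
 * example code, not the source of contrib/untgz; the buffer size and
 * function names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 64          /* hypothetical fixed-size global buffer */

static char g_archive_name[NAME_BUF_SIZE];

/* Vulnerable pattern: the argument length is never compared with the
 * buffer size, so an overlong name writes past the end of g_archive_name
 * into whatever globals follow it. Shown for contrast only; main() and
 * the checks below never call it. */
void set_archive_name_unchecked(const char *arg)
{
    strcpy(g_archive_name, arg);
}

/* Hardened form: measure first, reject anything that would not fit
 * together with its terminating NUL, then copy exactly n + 1 bytes.
 * Returns 0 on success and -1 if the name was rejected; the buffer is
 * left untouched on rejection. */
int set_archive_name_checked(const char *arg)
{
    size_t n = strlen(arg);
    if (n >= sizeof g_archive_name) {
        return -1;
    }
    memcpy(g_archive_name, arg, n + 1);
    return 0;
}

/* Length of the name currently held in the global buffer. */
size_t archive_name_len(void)
{
    return strlen(g_archive_name);
}

/* Exercise the checked path with a constructed overlong name (200 'A's,
 * well past the 64-byte buffer). Returns 1 if the overlong name was
 * rejected and the previously stored name survived intact, 0 otherwise. */
int overlong_name_is_rejected(void)
{
    char longname[201];
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    if (set_archive_name_checked("demo.tar.gz") != 0) {
        return 0;
    }
    if (set_archive_name_checked(longname) != -1) {
        return 0;
    }
    return strcmp(g_archive_name, "demo.tar.gz") == 0;
}

int main(void)
{
    printf("checked copy of short name: %d\n",
           set_archive_name_checked("demo.tar.gz"));
    printf("stored length: %zu\n", archive_name_len());
    printf("overlong name rejected, stored name intact: %d\n",
           overlong_name_is_rejected());
    return 0;
}
```

The defender's point is the shape of the fix rather than the exact lines: a length check against the destination size must run before any copy from argv, and a rejected argument must leave existing state unchanged. The actual correction for untgz is tracked in the references the advisory lists (the zlib GitHub repository and issue #1142).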
CWE(s)
- CWE-787: Out-of-bounds Write
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1068: Exploitation for Privilege Escalation
Why these techniques?
Local buffer overflow in untgz utility directly enables arbitrary code execution via crafted CLI argument, mapping to exploitation for privilege escalation on the host.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly remediates the known buffer overflow flaw in the untgz utility by requiring timely patching of vulnerable zlib versions.
- CM-7 (Least Functionality): Prevents exposure to the vulnerability by disabling or removing non-essential demonstration utilities like untgz that are not required for core zlib functionality.
- Memory protection mechanisms such as ASLR and stack canaries mitigate successful exploitation of the buffer overflow for code execution or corruption.