Cyber Posture

CVE-2026-3442

Medium

Published: 16 March 2026

Modified: 20 March 2026
KEV Added: not listed
Patch: see vendor references
CVSS Score: 6.1 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)
EPSS Score: 0.0001 (0.3rd percentile)
Risk Priority: 12 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-3442 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Red Hat Enterprise Linux. Its CVSS base score is 6.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE is ranked at the 0.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious File (T1204.002) and one other technique (T1499.004).

Threat & Defense Details

MITRE ATT&CK Enterprise Techniques

T1204.002 Malicious File (tactic: Execution): An adversary may rely upon a user opening a malicious file in order to gain execution.

T1499.004 Application or System Exploitation (tactic: Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

An out-of-bounds read in the XCOFF file parser enables a local denial of service via a crafted XCOFF object (T1499.004) and relies on a user processing the malicious file (T1204.002).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application-level denial of service.

Deeper analysis

CVE-2026-3442 is a heap-based buffer overflow vulnerability, specifically an out-of-bounds read, in the BFD linker component of GNU Binutils. Published on 2026-03-16T14:19:47.720, it carries a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L) and maps to CWE-125 (Out-of-bounds Read).

The vulnerability can be exploited by an attacker who convinces a user to process a specially crafted malicious XCOFF object file using affected GNU Binutils tools. Exploitation requires local access and user interaction but no privileges. Successful attacks may disclose sensitive information or crash the application, leading to an application-level denial of service.

Red Hat advisories provide further details on this issue, including patches and mitigation guidance, at https://access.redhat.com/security/cve/CVE-2026-3442 and https://bugzilla.redhat.com/show_bug.cgi?id=2443828.

Details

CWE(s)

CWE-125 (Out-of-bounds Read)

Affected Products

GNU Binutils: all versions
Red Hat OpenShift Container Platform: 4.0
Red Hat Enterprise Linux: 6.0, 7.0, 8.0, 9.0, 10.0

CVEs Like This One

CVE-2026-3441 (same product: GNU Binutils)
CVE-2026-5673 (same product: Red Hat Enterprise Linux)
CVE-2025-32990 (same product: Red Hat Enterprise Linux)
CVE-2025-0678 (same product: Red Hat Enterprise Linux)
CVE-2026-33845 (same product: Red Hat Enterprise Linux)
CVE-2024-45782 (same product: Red Hat Enterprise Linux)
CVE-2025-32988 (same product: Red Hat Enterprise Linux)
CVE-2026-4437 (same vendor: GNU)
CVE-2026-33905 (shared CWE-125)
CVE-2026-1584 (same vendor: GNU)

References

https://access.redhat.com/security/cve/CVE-2026-3442
https://bugzilla.redhat.com/show_bug.cgi?id=2443828