CVE-2026-40200
Published: 10 April 2026
Summary
CVE-2026-40200 is a high-severity Always-Incorrect Control Flow Implementation (CWE-670) vulnerability in Libc (inferred from references). Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 5.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly addresses the CVE by requiring identification, reporting, and correction of the stack-based memory corruption flaw in vulnerable musl libc versions through timely patching.
Provides comprehensive memory safeguards like stack canaries, ASLR, and non-executable memory to block exploitation of the stack corruption triggered by qsort on large arrays.
Supports detection of the specific musl libc vulnerability via scanning and initiates remediation to prevent exploitation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local stack-based memory corruption in musl libc qsort maps to Exploitation for Privilege Escalation (T1068): no privileges are required, the scope changes, and the memory corruption carries high C/I/A impact. The high attack complexity and the impractical array size introduce uncertainty.
NVD Description
An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).
Deeper analysis
CVE-2026-40200 is a stack-based memory corruption vulnerability affecting musl libc versions 0.7.10 through 1.2.6. The issue arises during qsort operations on very large arrays, where the number of elements must exceed about seven million—the 32nd Leonardo number on 32-bit platforms—or the 64th Leonardo number on 64-bit platforms, which is not practical. It stems from incorrectly implemented double-word primitives and is classified under CWE-670.
The vulnerability carries a CVSS v3.1 base score of 8.1 (AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). Local attackers require no privileges but must overcome high attack complexity to trigger it, potentially achieving high impacts on confidentiality, integrity, and availability with a change in scope through memory corruption.
Advisories and patches are referenced in the musl libc release notes at https://musl.libc.org/releases.html and the oss-security mailing list announcement at https://www.openwall.com/lists/oss-security/2026/04/10/13 or http://www.openwall.com/lists/oss-security/2026/04/10/13. The vulnerability was published on 2026-04-10.
Details
- CWE(s)