Cyber Resilience

CVE-2026-6846

Severity: High (updated)

Published: 22 April 2026
Modified: 20 May 2026
KEV Added: not listed
Patch:
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (0.7th percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-6846 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Redhat Enterprise Linux. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). EPSS ranks it at the 0.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-6846 is a heap-buffer-overflow vulnerability (CWE-122) in binutils, triggered when processing a specially crafted XCOFF (Extended Common Object File Format) object file during the linking process. Published on 2026-04-22, it affects the binutils software package, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A local attacker can exploit this vulnerability by tricking a user into processing the malicious XCOFF file. Successful exploitation leads to arbitrary code execution (allowing the attacker to run unauthorized commands) or to a denial of service that renders the system unavailable; the CVSS vector reflects this, requiring no privileges (PR:N) but user interaction (UI:R).

Red Hat advisories provide further details on mitigation, available at https://access.redhat.com/security/cve/CVE-2026-6846 and https://bugzilla.redhat.com/show_bug.cgi?id=2460006.


Vulnerability details

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.

CWE(s): CWE-122 (Heap-based Buffer Overflow)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Heap buffer overflow in binutils triggered by malicious XCOFF file processing leads to arbitrary code execution after user interaction, directly enabling exploitation of a client application vulnerability for code execution.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-32990 (same product: Redhat Enterprise Linux)
CVE-2026-3441 (same product: Gnu Binutils)
CVE-2026-3442 (same product: Gnu Binutils)
CVE-2026-42010 (same product: Redhat Enterprise Linux)
CVE-2026-48864 (same product: Redhat Enterprise Linux)
CVE-2026-33845 (same product: Redhat Enterprise Linux)
CVE-2025-0678 (same product: Redhat Enterprise Linux)
CVE-2025-32988 (same product: Redhat Enterprise Linux)
CVE-2024-45782 (same product: Redhat Enterprise Linux)
CVE-2025-0840 (same product: Gnu Binutils)

Affected Assets

Vendor: gnu / Product: binutils / Versions: ≤ 2.46
Vendor: redhat / Product: hardened images / Versions: all versions
Vendor: redhat / Product: openshift container platform / Versions: 4.0
Vendor: redhat / Product: enterprise linux / Versions: 10.0, 6.0, 8.0, 9.0

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

prevent: SI-2 (Flaw Remediation)
Directly addresses the CVE by requiring timely identification, reporting, and patching of the heap-buffer-overflow flaw in binutils to prevent exploitation.

prevent: SI-16 (Memory Protection)
Provides memory protection mechanisms such as ASLR, DEP, and stack guards that make heap buffer overflow exploits leading to arbitrary code execution or DoS harder to carry out reliably.

detect
Enables detection of vulnerable binutils installations via regular vulnerability scanning, supporting proactive remediation of this specific flaw.
