CVE-2026-41988

LOW

CVSS v3.1: 3.2 · EPSS: 0.0014 (3.6 percentile)

No privilegesNo user interactionVendor advisory ref

Source data as of:

At a glance

Severity
LOW
CVSS
3.2 v3.1 · NVD
EPSS
0.0014 (3.6 percentile) · FIRST.org
CISA KEV
No
Attack conditions (CVSS vector)
No privilegesNo user interaction · Source: NVD Vector
Affected vendors
uuidjs
Published
2026-04-23 · Modified: 2026-07-08

CVSS / EPSS / KEV

CVSS v3.1 3.2 / 10 LOW Source: NVD
EPSS 0.0014 3.6 percentile Source: FIRST.org
CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue.

Record details

CVE ID
CVE-2026-41988
CVSS (v3.1)
3.2 (LOW)
Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Exploitability subscore
1.4
Impact subscore
1.4
EPSS
0.0014 (3.6 percentile) — 2026-07-08
CISA KEV
No
Weakness (CWE)
CWE-670
Affected vendors
uuidjs
Affected configurations (CPE)
3
Published
2026-04-23
Modified
2026-07-08
Status
Analyzed

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.