CVE-2026-41988
LOWCVSS v3.1: 3.2 · EPSS: 0.0014 (3.6 percentile)
Source data as of:
At a glance
- Severity
- LOW
- CVSS
- 3.2 v3.1 · NVD
- EPSS
- 0.0014 (3.6 percentile) · FIRST.org
- CISA KEV
- No
- Attack conditions (CVSS vector)
- No privilegesNo user interaction · Source: NVD Vector
- Affected vendors
- uuidjs
- Published
- 2026-04-23 · Modified: 2026-07-08
- References
- Jump to references (2)
CVSS / EPSS / KEV
Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources
Description
uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue.
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.