CVE-2026-4012

A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read_ of the file src/fe.c. This manipulation with the input 1 causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.

CVSS v3 3.3 LOW
CVSS v2.0 1.7 LOW

3.3^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.7^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/oneafter/0211/blob/main/fe/repro
https://github.com/rxi/fe/
https://github.com/rxi/fe/issues/34
https://vuldb.com/?ctiid.350534
https://vuldb.com/?id.350534
https://vuldb.com/?submit.769774

Configurations

No configuration.

History

22 Apr 2026, 21:30

Type	Values Removed	Values Added
Summary		(es) Se determinó una vulnerabilidad en rxi fe hasta ed4cda96bd582cbb08520964ba627efb40f3dd91. El elemento afectado es la función read_ del archivo src/fe.c. Esta manipulación con la entrada 1 causa una lectura fuera de límites. El ataque requiere acceso local. El exploit ha sido divulgado públicamente y puede ser utilizado. Este producto utiliza un modelo de lanzamiento continuo para entregar actualizaciones continuas. Como resultado, la información de versión específica para las versiones afectadas o actualizadas no está disponible. El proyecto fue informado del problema tempranamente a través de un informe de problema, pero aún no ha respondido.

12 Mar 2026, 08:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-12 08:16

Updated : 2026-04-22 21:30

NVD link : CVE-2026-4012

Mitre link : CVE-2026-4012

CVE.ORG link : CVE-2026-4012

JSON object : View

Products Affected

No product.

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-125

Out-of-bounds Read

3.3 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.7 /10

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2026-4012

3.3^/10

1.7^/10

Attach tags to `CVE-2026-4012`