CVE-2026-41988

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-41988
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-41988.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-41988
Aliases
Downstream
Published
2026-04-23T04:00:54.960Z
Modified
2026-06-18T03:56:11.686222333Z
Severity
  • 3.2 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue.

Database specific 
{
    "cna_assigner": "mitre",
    "cwe_ids": [
        "CWE-670"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41988.json"
}
References

Affected packages

Git / github.com/uuidjs/uuid

Affected ranges

Type
GIT
Repo
https://github.com/uuidjs/uuid
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b
Fixed
3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34
Database specific 
{
    "source": [
        "DESCRIPTION",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "14.0.0"
        }
    ]
}

Affected versions

v1.*
v1.0
v1.1
v1.2
v1.3
v1.3.1
v1.3.2
v1.3.3
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v11.*
v11.0.1
v11.0.2
v11.0.3
v11.0.4
v11.0.5
v11.1.0
v12.*
v12.0.0
v13.*
v13.0.0
v3.*
v3.0.1
v3.1.0
v3.3.1
v3.3.2
v3.3.3
v3.4.0
v7.*
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v8.*
v8.0.0
v8.1.0
v8.2.0
v8.3.0
v8.3.1
v8.3.2
v9.*
v9.0.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-41988.json"