Zero Day Monitor (ZDM)
CVE-2026-43958
CVSS: 7.8
Vendor / product: red hat · red hat enterprise linux

Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

Description

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to an rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary code execution, impacting the integrity and confidentiality of data.

Affected Products

Vendor | Product | Versions
red hat | red hat enterprise linux | —

References

  • https://access.redhat.com/security/cve/CVE-2026-43958 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2460932 (issue-tracking, x_refsource_REDHAT)

Related News (2 articles)

Tier A · Microsoft MSRC · 1d ago
CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service
→ No new info (linked only)

Tier C · VulDB · 6d ago
CVE-2026-43958 | Red Hat Enterprise Linux up to 10 rrdcached stack-based overflow
→ No new info (linked only)

CVSS 3.1: 7.8 NONE
CISA KEV: No
Actively exploited: No
CWE: CWE-121
Published: Jun 1, 2026
Last enriched: 6d ago (v2)
Trending Score: 32
Source articles: 2
Independent: 2
Info Completeness: 8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

  • HIGH · CVE-2026-11332 · EXP · Trending: 66
    Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution
  • NONE · CVE-2026-10533 · EXP · Trending: 51
    Openshift: openshift: non-admin user can bypass resourcequota and flood etcd with events causing cluster-wide api degradation
  • NONE · CVE-2026-9793 · EXP · Trending: 51
    Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing
  • NONE · CVE-2026-3238 · EXP · Trending: 48
    Samba: denial of service against ad dc wins server
  • LOW · PRE-CVE · EXP · Trending: 41
    Information Disclosure Vulnerability in Ansible

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • CVE Published: Jun 1, 2026
  • Discovered by ZDM: Jun 1, 2026
  • Updated: affectedVersions, severity: Jun 1, 2026

Version History

Current version: v2 (last enriched 6d ago)

v2 · Tier C · 6d ago
Updated affected versions to include 6, 7, 8, 9, 10 and changed severity to CRITICAL.
Changed fields: affectedVersions, severity (via VulDB)

v1 · 6d ago
Initial creation