CVE-2026-5745EXPLOITED

red hat · red hat enterprise linux

Libarchive: a null pointer dereference vulnerability exists in the acl parser of libarchive

Description

A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or "default" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).

Affected Products

Vendor	Product	Versions
red hat	red hat enterprise linux	—

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
open source	open source libarchive	cert_advisory	90%

References

https://access.redhat.com/security/cve/CVE-2026-5745(vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2455921(issue-tracking, x_refsource_REDHAT)

Related News (2 articles)

Tier B

BSI Advisories9h ago

[NEU] [UNGEPATCHT] [mittel] libarchive: Schwachstelle ermöglicht Denial of Service

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-5745 | libarchive ACL Parser archive_acl_from_text_nl null pointer dereference

→ No new info (linked only)

CVSS 3.15.5 NONE

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-476

PublishedApr 7, 2026

Last enriched1d agov2

Trending Score49

Source articles2

Independent2

Info Completeness6/14

Missing: versions, cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-4634EXP

Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters

Trending: 57

HIGHCVE-2026-4636EXP

Keycloak: keycloak: uma policy bypass allows authenticated users to gain unauthorized access to victim-owned resources.

Trending: 55

NONECVE-2026-3872EXP

Keycloak: keycloak: information disclosure due to redirect_uri validation bypass

Trending: 47

NONECVE-2026-4282EXP

Keycloak: keycloak: privilege escalation via forged authorization codes due to singleuseobjectprovider isolation flaw

Trending: 47

NONECVE-2026-1961

Forman: foreman: remote code execution via command injection in websocket proxy

Trending: 32

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 7, 2026

Discovered by ZDM

Apr 7, 2026

Updated: description, severity, activelyExploited

Apr 7, 2026

Actively Exploited

Apr 7, 2026

Version History

Last enriched 1d ago

v2Tier C1d ago

Updated description with new details, changed severity to HIGH, and noted that the exploit is not available but the vulnerability is actively exploited.

descriptionseverityactivelyExploited

via VulDB

v11d ago

Initial creation