CVE-2026-44673

High

Published: 14 May 2026

Published

14 May 2026

Modified

14 May 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score N/A

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-44673 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, it is not currently listed in the CISA KEV catalog.

NVD Description

libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB…

data to any libyang consumer (NETCONF server, sysrepo, etc.) can trigger a crash or potential heap corruption. This vulnerability is fixed in SO 5.2.15.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-190

References

https://github.com/CESNET/libyang/security/advisories/GHSA-vw2p-pq79-92xh
security-advisories@github.com