Home / Vulnerability Intelligence / CVE-2026-2588

CVE-2026-2588 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: February 23, 2026

Crypt::NaCl::Sodium - Integer Overflow

Published: February 23, 2026Updated: February 23, 2026Remote Exploitable

Overview

Crypt::NaCl::Sodium <= 2.001 for Perl contains an integer overflow caused by improper casting of size_t to unsigned long long on 32-bit systems, letting attackers potentially cause memory corruption, exploit requires 32-bit system.

Severity & Score

Severity: Critical

CVSS Score: 9.1

EPSS Score: 3.8%(Probability of exploitation in next 30 days)

Impact

Attackers can cause memory corruption leading to potential crashes or code execution on 32-bit systems.

Mitigation

Update to the latest version beyond 2.001 or apply patches addressing integer overflow on 32-bit systems.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 23, 2026

🔴 CVE-2026-2588 - Critical (9.1) Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions. On 32-bit systems size_t is typical... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2588/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-2588
Severity: Critical
CVSS Score: 9.1
Type: integer_overflow
Status: unconfirmed
EPSS: 3.8%
Social Posts: 1

CWE

CWE-190

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS Score

3.8%Probability of exploitation in the next 30 days