Home / Vulnerability Intelligence / CVE-2026-31965

CVE-2026-31965 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 19, 2026

HTSlib - Out of Bounds Read

Published: March 18, 2026Updated: March 19, 2026Remote Exploitable

Overview

HTSlib contains an out of bounds read caused by late validation of the reference id field in the cram_decode_slice() function, letting attackers leak memory values or cause crashes, exploit requires crafted CRAM data.

Severity & Score

Severity: High

CVSS Score: 8.2

EPSS Score: 4.0%(Probability of exploitation in next 30 days)

Impact

Attackers can leak memory values or cause program crashes, potentially leading to denial of service or information disclosure.

Mitigation

Update to versions 1.23.1, 1.22.2, 1.21.1 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 19, 2026

🟠 CVE-2026-31965 - High (8.2) HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while reading CRAM records, validation of the reference id ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31965/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-31965
Severity: High
CVSS Score: 8.2
Type: out_of_bounds_rw
Status: confirmed
EPSS: 4.0%
Social Posts: 1

CWE

CWE-125

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS Score

4.0%Probability of exploitation in the next 30 days