CVE-2026-31966 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: March 19, 2026
HTSlib - Information Disclosure
Overview
HTSlib contains an information disclosure caused by insufficient validation in cram_decode_seq() function when decoding CRAM records, letting attackers leak arbitrary data from memory, exploit requires crafted CRAM data.
Severity & Score
Impact
Attackers can leak arbitrary memory data, potentially exposing sensitive information or causing program crashes.
Mitigation
Update to version 1.23.1, 1.22.2, 1.21.1 or later.
References
- https://github.com/samtools/htslib/commit/22ec5230ef95769ab009420da69568c7e530af28
- https://github.com/samtools/htslib/commit/2a45eb129d703ad27f9fabc8169f0e94d3c69fa3
- https://github.com/samtools/htslib/commit/4a5ef25eb1fb3d64438103316fffe423b2c3f5f4
- https://github.com/samtools/htslib/security/advisories/GHSA-5cj8-mj52-8vp3
Social Media Activity(1 post)
š“ CVE-2026-31966 - Critical (9.1) HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of stori... š https://www.thehackerwire.com/vulnerability/CVE-2026-31966/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-31966
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- undefined
- Status
- confirmed
- EPSS
- 1.5%
- Social Posts
- 1
CWE
- CWE-125
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H