LeakyCreds

CVE-2026-31968 - Vulnerability Analysis

High, CVSS: 8.1

Last Updated: March 19, 2026

HTSlib - Buffer Overflow

Published: March 18, 2026
Updated: March 19, 2026
Remote Exploitable

Overview

HTSlib contains a buffer overflow caused by incomplete validation of VARINT and CONST encodings in the CRAM format. It lets attackers cause a heap or stack overflow and potentially execute arbitrary code. Exploitation requires opening a crafted file.

Severity & Score

Severity: High
CVSS Score: 8.1

Impact

Opening a crafted file can cause crashes, data corruption, or potentially arbitrary code execution.

Mitigation

Update to versions 1.23.1, 1.22.2, 1.21.1 or later.

Details

CVE ID: CVE-2026-31968
Severity: High
CVSS Score: 8.1
Type: buffer_overflow
Status: confirmed

CWE

  • CWE-121

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H