Home / Vulnerability Intelligence / CVE-2026-31970

CVE-2026-31970 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 19, 2026

HTSlib - Integer Overflow & Heap Buffer Overflow

Published: March 18, 2026Updated: March 19, 2026Remote Exploitable

Overview

HTSlib contains a heap buffer overflow caused by an integer overflow in the bgzf_index_load_hfile() function when loading GZI files, letting attackers cause crashes or potentially execute arbitrary code, exploit requires opening a crafted file.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 3.7%(Probability of exploitation in next 30 days)

Impact

Attackers can cause program crashes or potentially execute arbitrary code by opening crafted GZI files.

Mitigation

Update to versions 1.23.1, 1.22.2, 1.21.1 or later. Discard untrusted .gzi files and recreate using bgzip -r.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 19, 2026

🟠 CVE-2026-31970 - High (8.1) HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP [BGZF] files. In the GZI loading function, `bgzf_index_load_hfile()`, it was possible to trigger an integer overflow, leadi... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31970/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-31970
Severity: High
CVSS Score: 8.1
Type: integer_overflow
Status: confirmed
EPSS: 3.7%
Social Posts: 1

CWE

CWE-122

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

EPSS Score

3.7%Probability of exploitation in the next 30 days