CVE-2026-31972 - Vulnerability Analysis

Overview

SAMtools < 1.21.1 and < 1.22 contain a use-after-free vulnerability in the mpileup command caused by premature discarding of reference data, letting attackers cause information disclosure or program crash, exploit requires crafted input data.

Severity & Score

Impact

Attackers can cause program crashes or leak information about program state, potentially disrupting bioinformatics workflows.

Mitigation

Update to version 1.21.1 or 1.22 or later.

References

• https://github.com/samtools/samtools/commit/3036eb9af945fcef359427a2d359855553da4adf
• https://github.com/samtools/samtools/security/advisories/GHSA-72c8-4jf3-f27p
• http://www.openwall.com/lists/oss-security/2026/03/18/11

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 19, 2026

🔴 CVE-2026-31972 - Critical (9.8) SAMtools is a program for reading, manipulating and writing bioinformatics file formats. The `mpileup` command outputs DNA sequences that have been aligned against a known reference. On each output line it writes the reference position, optionally... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31972/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner