Home / Vulnerability Intelligence / CVE-2026-4177

CVE-2026-4177 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: March 17, 2026

YAML::Syck - Buffer Overflow

Published: March 16, 2026Updated: March 17, 2026Remote Exploitable

Overview

YAML::Syck for Perl <= 1.36 contains multiple vulnerabilities including a heap buffer overflow in the YAML emitter caused by class names exceeding 512 bytes, letting attackers cause memory corruption, exploit requires crafted YAML input.

Severity & Score

Severity: Critical

CVSS Score: 9.1

Impact

Attackers can cause memory corruption leading to potential denial of service or code execution.

Mitigation

Update to the latest version beyond 1.36.

References

https://github.com/cpan-authors/YAML-Syck/commit/e8844a31c8cf0052914b198fc784ed4e6b8ae69e.patch
https://metacpan.org/release/TODDR/YAML-Syck-1.37_01/changes#L21
http://www.openwall.com/lists/oss-security/2026/03/16/6

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-4177
Severity: Critical
CVSS Score: 9.1
Type: buffer_overflow
Status: unconfirmed

CWE

CWE-122

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H