Home / Vulnerability Intelligence / CVE-2026-4177

CVE-2026-4177 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: March 17, 2026

YAML::Syck - Buffer Overflow

Published: March 16, 2026Updated: March 17, 2026Remote Exploitable

Overview

YAML::Syck for Perl <= 1.36 contains multiple vulnerabilities including a heap buffer overflow in the YAML emitter caused by class names exceeding 512 bytes, letting attackers cause memory corruption, exploit requires crafted YAML input.

Severity & Score

Severity: Critical

CVSS Score: 9.1

EPSS Score: 1.4%(Probability of exploitation in next 30 days)

Impact

Attackers can cause memory corruption leading to potential denial of service or code execution.

Mitigation

Update to the latest version beyond 1.36.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 18, 2026

🔴 CVE-2026-4177 - Critical (9.1) YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The ba... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4177/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-4177
Severity: Critical
CVSS Score: 9.1
Type: buffer_overflow
Status: unconfirmed
EPSS: 1.4%
Social Posts: 1

CWE

CWE-122

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS Score

1.4%Probability of exploitation in the next 30 days