CVE-2026-40200 — Always-Incorrect Control Flow Implementation in Musl

CWE-670 — Always-Incorrect Control Flow Implementation CWE-190 — Integer Overflow or Wraparound9 documents6 sources

Severity

8.1HIGHNVD

EPSS

0.0%

top 95.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Musl-libc Musl

Timeline

PublishedApr 10

Description

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 1.4 | Impact: 6.0

Affected Packages1 packages

▶CVEListV5musl-libc/musl0.7.10 — 1.2.6

🔴Vulnerability Details

VulDB

musl libc up to 1.2.6 control flow (EUVD-2026-21496)↗2026-04-10

▶

CVEList

CVE-2026-40200: An issue was discovered in musl libc 0↗2026-04-10

▶

GHSA

GHSA-qrwv-475h-2439: An issue was discovered in musl libc 0↗2026-04-10

▶

📋Vendor Advisories

Red Hat

musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort↗2026-04-10

▶

💬Community

Bugzilla

CVE-2026-40200 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort↗2026-04-10

▶

Bugzilla

CVE-2026-40200 python-pandas: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort [epel-all]↗2026-04-10

▶

Bugzilla

CVE-2026-40200 python-pandas: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort [fedora-42]↗2026-04-10

▶

Bugzilla

CVE-2026-40200 python-pandas: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort [fedora-43]↗2026-04-10

▶