CVE-2026-41988 — Always-Incorrect Control Flow Implementation in Uuid

CWE-670 — Always-Incorrect Control Flow Implementation CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

3.2LOWNVD

EPSS

0.0%

top 98.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

162

Uuidjs Uuid 389-ds 1.4 389-ds-base Advanced-cluster-security Rhacs-fact-rhel8 +159 more

Timeline

PublishedApr 23

Description

uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 1.4 | Impact: 1.4

Affected Packages163 packages

▶CVEListV5uuidjs/uuid< 14.0.0

▶Red Hatuuidjs/uuid

▶Red Hatdiscovery/discovery-ui-rhel9

▶Red Hatdiscovery/discovery-server-rhel9

▶Red Hatrust-lang/rust

🔴Vulnerability Details

GHSA

GHSA-qmq6-f8pr-cx5x: uuid before 14↗2026-04-23

▶

📋Vendor Advisories

Red Hat

uuid: uuid: Unexpected data writes when using external output buffers with specific UUID versions↗2026-04-23

▶

💬Community

Bugzilla

CVE-2026-41988 uuid: uuid: Unexpected data writes when using external output buffers with specific UUID versions↗2026-04-23

▶