CVE-2026-4046: CWE-617 Reachable assertion in The GNU C Library glibc
The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.
AI Analysis
Technical Summary
The vulnerability CVE-2026-4046 affects the iconv() function in glibc versions 2.43 and earlier. When converting character data from IBM1390 or IBM1399 encodings, an assertion failure can be triggered, causing the application to crash. This is classified as CWE-617 (Reachable Assertion). The flaw allows remote attackers to cause a denial of service by supplying crafted input that triggers this assertion failure. The vulnerability has a CVSS 3.1 base score of 7.5, reflecting its network attack vector, low complexity, no privileges required, no user interaction, and impact limited to availability. No known exploits are reported in the wild. The vulnerability can be trivially mitigated by disabling or removing the IBM1390 and IBM1399 character sets if they are not required by the system. There is no vendor advisory or patch information available at this time.
Potential Impact
This vulnerability allows remote attackers to cause an application crash (denial of service) by triggering an assertion failure in the iconv() function when processing IBM1390 or IBM1399 character sets. There is no impact on confidentiality or integrity. The denial of service could disrupt availability of affected applications relying on glibc for character set conversions involving these encodings.
Mitigation Recommendations
No official patch or fix is currently documented. The vulnerability can be trivially mitigated by removing or disabling support for the IBM1390 and IBM1399 character sets on systems that do not require them. Users should monitor vendor advisories for any future patches or official fixes.
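One way to check whether a host still offers the two converters before removing them, as an added example that is not part of the advisory or of glibc. The `.so` module file names, the CS-prefixed and hyphenated alias spellings, the example directory and the sample listing are assumptions or constructed values.

```shell
#!/bin/sh
# Added example: audit for the converters named in CVE-2026-4046.

# Read `iconv -l` style text on stdin and print the affected charset names.
# Names may be separated by spaces or commas and may end in "//".
# The CS-prefixed and hyphenated alias spellings are assumptions.
affected_charsets() {
    tr ' ,\t' '\n\n\n' \
        | sed 's|/*$||' \
        | grep -E -i -x '(CS)?IBM-?(1390|1399)' \
        | sort -u
}

# Print IBM1390/IBM1399 converter modules found directly inside the gconv
# directories passed as arguments. The directory differs per distribution
# (for example /usr/lib64/gconv), so the caller supplies it; the .so file
# names are assumed to follow the charset names.
affected_modules() {
    for gconv_dir in "$@"; do
        [ -d "$gconv_dir" ] || continue
        find "$gconv_dir" -maxdepth 1 -type f \
            \( -name 'IBM1390.so' -o -name 'IBM1399.so' \)
    done
}

# Constructed sample of `iconv -l` output (not captured from a real host).
SAMPLE_LISTING='IBM1371// IBM1388//
IBM1390// IBM1399//
ISO-8859-1// UTF-8//'

hits=$(printf '%s\n' "$SAMPLE_LISTING" | affected_charsets)
if [ -n "$hits" ]; then
    echo "affected charsets still available:"
    echo "$hits"
else
    echo "IBM1390/IBM1399 not offered by iconv"
fi

# On a real host:  iconv -l | affected_charsets
#                  affected_modules /usr/lib64/gconv
```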
Technical Details
- Data Version: 5.2
- Assigner Short Name: glibc
- Date Reserved: 2026-03-12T10:12:32.994Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69cab88de6bfc5ba1d56ff2a
Added to database: 3/30/2026, 5:53:17 PM
Last enriched: 4/21/2026, 5:36:33 AM
Last updated: 5/15/2026, 7:55:22 AM