CVE-2026-40468: CWE-190 Integer Overflow or Wraparound in GNU gawk
Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below.
AI Analysis
Technical Summary
CVE-2026-40468 is an integer overflow vulnerability in the builtin.c source file of GNU gawk affecting versions up to and including 5.4.0. The overflow can lead to memory exhaustion and may enable an attacker to overwrite heap metadata and objects with controlled bytes, potentially compromising the program's memory integrity. The vulnerability is classified under CWE-190 (Integer Overflow or Wraparound). The CVSS 4.0 vector indicates a low-severity local attack requiring low complexity and no privileges or user interaction, with limited impact on confidentiality and availability.
Potential Impact
The vulnerability may cause memory exhaustion on the host operating system and allow overwriting of heap metadata and objects within gawk, which could lead to instability or unintended behavior. However, the overall severity is low, and no known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or patch is currently available, users should monitor GNU advisories for updates and consider restricting local access to gawk where possible to reduce risk.
CVE-2026-40468: CWE-190 Integer Overflow or Wraparound in GNU gawk
Description
Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below.
CVSS v4.0
Score 2.1low
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-40468 is an integer overflow vulnerability in the builtin.c source file of GNU gawk affecting versions up to and including 5.4.0. The overflow can lead to memory exhaustion and may enable an attacker to overwrite heap metadata and objects with controlled bytes, potentially compromising the program's memory integrity. The vulnerability is classified under CWE-190 (Integer Overflow or Wraparound). The CVSS 4.0 vector indicates a low-severity local attack requiring low complexity and no privileges or user interaction, with limited impact on confidentiality and availability.
Potential Impact
The vulnerability may cause memory exhaustion on the host operating system and allow overwriting of heap metadata and objects within gawk, which could lead to instability or unintended behavior. However, the overall severity is low, and no known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or patch is currently available, users should monitor GNU advisories for updates and consider restricting local access to gawk where possible to reduce risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CERT-PL
- Date Reserved
- 2026-04-13T14:44:55.647Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a54e21068715ace4303d412
Added to database: 07/13/2026, 13:03:12 UTC
Last enriched: 07/13/2026, 13:17:53 UTC
Last updated: 07/13/2026, 14:01:00 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.