CVE-2026-14686 PUBLISHED

HdrHistogram Range Check DoubleHistogram.java org.HdrHistogram.DoubleHistogram.recordValue comparison

Assigner: VulDB
Reserved: 04.07.2026 Published: 05.07.2026 Updated: 05.07.2026

A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect comparison. The attack is only possible with local access. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
CVSS Score: 4.8

Product Status

Vendor n/a
Product HdrHistogram
Versions
  • Version 2.2.0 is affected
  • Version 2.2.1 is affected
  • Version 2.2.2 is affected

Credits

  • sara11h (VulDB User) reporter
  • VulDB CNA Team coordinator

References

Problem Types

  • Incorrect Comparison CWE