CVE-2026-41988 PUBLISHED

Assigner: mitre
Reserved: 23.04.2026 Published: 23.04.2026 Updated: 23.04.2026

uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
CVSS Score: 3.2

Product Status

Vendor uuidjs
Product uuid
Versions Default: unaffected
  • affected from 0 to 14.0.0 (excl.)

References

Problem Types

  • CWE-670 Always-Incorrect Control Flow Implementation CWE