Ghostwire

CVE-2026-41988: uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6....

LOW CVSS 3.2 Exploit Available 2 PoC

Published: April 23, 2026 | Last Modified: April 23, 2026

Description

uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue.

Ghostwire Analysis — What This Means Practically

2 proof-of-concept exploits available on GitHub. Public exploit code lowers the barrier for both researchers and attackers.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Proof-of-Concept Exploits (2)

uuidjs/uuid
uuidjs/uuid

Security Coverage (1 articles)

References

github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34
github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq
www.tenable.com/cve/CVE-2026-41988
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-41988