CVE-2026-6846

Binutils: binutils: arbitrary code execution via malformed xcoff object file processing

Published: 4/22/2026 Last updated: 5/12/2026 Reserved: 4/22/2026

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version | Score | Severity | Vector String
3.1 | 7.8 | High | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Opam packages affected (3)

bap-std, clangml, conf-binutils

Products affected (42)

Product | Vendor | Version
Red Hat Enterprise Linux 10 | Red Hat | n/a
Red Hat Enterprise Linux 6 | Red Hat | n/a
Red Hat Enterprise Linux 7 | Red Hat | n/a
Red Hat Enterprise Linux 8 | Red Hat | n/a
Red Hat Enterprise Linux 9 | Red Hat | n/a
Red Hat Hardened Images | Red Hat | 5.1.3, 5.1.2, 5.1.1, and 5.1.0
Red Hat Enterprise Linux 10 | Red Hat | 2016 (64-bit edition)
Red Hat Enterprise Linux 6 | Red Hat | 9.0
Red Hat Enterprise Linux 7 | Red Hat | 12.4.0
Red Hat Enterprise Linux 8 | Red Hat | n/a
Red Hat Enterprise Linux 9 | Red Hat | n/a
Red Hat Hardened Images | Red Hat | n/a
Red Hat Enterprise Linux 9 | Red Hat | n/a
Red Hat Enterprise Linux 8 | Red Hat | 8.0
Red Hat Enterprise Linux 8 | Red Hat | n/a
Red Hat Enterprise Linux 9 | Red Hat | 12.6
Red Hat Enterprise Linux 8 | Red Hat | n/a
Red Hat Enterprise Linux 8 | Red Hat | 8.5
Red Hat Enterprise Linux 8 | Red Hat | Phoenix Broadband Technologies LLC PowerAgent SC3 Site Controller
Red Hat Enterprise Linux 8 | Red Hat | < 77.0.3865.120
Red Hat Enterprise Linux 9 | Red Hat | n/a
Red Hat Enterprise Linux 10 | Red Hat | n/a
Red Hat Enterprise Linux 9 | Red Hat | n/a
Red Hat Enterprise Linux 10 | Red Hat | n/a
Red Hat Enterprise Linux 8 | Red Hat | n/a
Red Hat Enterprise Linux 8 | Red Hat | Moodle 2.x and 3.x
Red Hat Enterprise Linux 7 | Red Hat | before 12.2.6
Red Hat Enterprise Linux 9 | Red Hat | n/a
Red Hat Enterprise Linux 10 | Red Hat | n/a
Red Hat Enterprise Linux 9 | Red Hat | < 45.8
Red Hat Enterprise Linux 8 | Red Hat | 6.2.x before 6.2.9
Red Hat Enterprise Linux 10 | Red Hat | n/a
Red Hat Enterprise Linux 7 | Red Hat | Windows kernel
Red Hat Enterprise Linux 8 | Red Hat | n/a
Red Hat Enterprise Linux 10 | Red Hat | 8.3
Red Hat Enterprise Linux 9 | Red Hat | n/a
Red Hat Enterprise Linux 10 | Red Hat | n/a
Red Hat Enterprise Linux 8 | Red Hat | n/a
Red Hat Enterprise Linux 8 | Red Hat | 6.3.x before 6.3.5
Red Hat Enterprise Linux 9 | Red Hat | < 52
Red Hat OpenShift Container Platform 4 | Red Hat | n/a
Red Hat OpenShift Container Platform 4 | Red Hat | versions before v2.0

References (4)

Credits (2)