CVE-2026-41988
CVSS 3.1: 3.2 (LOW)
EPSS: 0.02%
Description
uuid before 14.0.0 can make unexpected writes when external output buffers are used and the UUID version is 3, 5, or 6. UUID version 4, which is very commonly used, is unaffected by this issue.
How to fix CVE-2026-41988
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Debian/node-uuid: no fix listed
Is CVE-2026-41988 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW 3.2 | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |