zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3.
CVE-2026-27820
This critical-severity CVE scores 9.8 under NVD CVSS v3. EPSS exploit probability: 0.0%, top 96% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
- High severity, but no confirmed exploitation yet
A fix is available — apply it.
- CVSS v3
- 9.8
- EG Score
- 9.8(medium)
- EPSS
- 42.9%
- KEV
- Not listed
Published
April 16, 2026
Last Modified
May 21, 2026
Advisory Details (1)
Auto-updated Jun 20, 2026Buffer Overflow vulnerability in Zlib::GzipReader · Advisory · ruby/zlib · GitHub
https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68wVendor Advisories for CVE-2026-27820(5)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
- CVE-2026-27820Microsoft Security Response Center (MSRC)Low
zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
- RHSA-2026:8838Red Hat Product SecurityMedium
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
- GHSA-g857-hhfv-j68wGitHub Security AdvisoriesMedium
Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
- RHSA-2026:7307Red Hat Product SecurityMedium
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
- RHSA-2026:7305Red Hat Product SecurityMedium
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Patch Availability(3)
| Vendor / Ecosystem | Fixed in / Patch | Released | Source |
|---|---|---|---|
| redhat | ruby4-0-main-4.0.0-33.3.hum1 | 2026-04-17 | redhat |
| redhat | ruby3-3-main-3.3.10-23.1.hum1 | 2026-04-09 | redhat |
| redhat | ruby3-4-main-3.4.8-31.1.hum1 | 2026-04-09 | redhat |
Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.
Affected Packages
(1 across 1 ecosystem)
RubyGems(1)
| Package | Vulnerable range | Fixed in | Dependents |
|---|---|---|---|
| zlib | 0.0.1 ... 3.0.0 (8 versions) | 3.0.1 | — |
Weakness Classification(2)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Data Freshness Timeline
(refreshed 11× in last 7d / 48× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Showing the most recent 100 of 140 total refreshes for this CVE.
- 2026-07-16 17:03 UTCEPSS rescore
- 2026-07-16 17:03 UTCEPSS rescore
- 2026-07-15 16:57 UTCEPSS rescore
- 2026-07-15 16:57 UTCEPSS rescore
- 2026-07-15 02:00 UTCEPSS rescore
- 2026-07-15 02:00 UTCEPSS rescore
- 2026-07-13 22:30 UTCEPSS rescore
- 2026-07-13 06:13 UTCEPSS rescore
- 2026-07-13 06:13 UTCEPSS rescore
- 2026-07-12 05:46 UTCEPSS rescore
- 2026-07-11 08:27 UTCEPSS rescore
- 2026-07-09 19:10 UTCEPSS rescore
- 2026-07-08 15:15 UTCEPSS rescore
- 2026-07-07 13:46 UTCEPSS rescore
- 2026-07-06 16:27 UTCEPSS rescore
- 2026-07-06 16:27 UTCEPSS rescore
- 2026-07-06 02:23 UTCEPSS rescore
- 2026-07-06 02:23 UTCEPSS rescore
- 2026-07-05 02:30 UTCEPSS rescore
- 2026-07-04 06:31 UTCEPSS rescore
- 2026-07-04 06:31 UTCEPSS rescore
- 2026-07-01 15:06 UTCEPSS rescore
- 2026-07-01 15:06 UTCEPSS rescore
- 2026-06-30 23:22 UTCEPSS rescore
- 2026-06-30 23:22 UTCEPSS rescore
Show 75 moreShow fewer
- 2026-06-29 14:06 UTCEPSS rescore
- 2026-06-28 14:07 UTCEPSS rescore
- 2026-06-28 14:07 UTCEPSS rescore
- 2026-06-28 04:56 UTCEPSS rescore
- 2026-06-28 04:56 UTCEPSS rescore
- 2026-06-27 03:08 UTCEPSS rescore
- 2026-06-25 13:49 UTCEPSS rescore
- 2026-06-25 13:49 UTCEPSS rescore
- 2026-06-24 14:05 UTCEPSS rescore
- 2026-06-24 14:05 UTCEPSS rescore
- 2026-06-23 21:33 UTCEPSS rescore
- 2026-06-23 21:32 UTCEPSS rescore
- 2026-06-22 14:25 UTCEPSS rescore
- 2026-06-22 14:25 UTCEPSS rescore
- 2026-06-21 14:56 UTCEPSS rescore
- 2026-06-21 14:56 UTCEPSS rescore
- 2026-06-21 01:59 UTCEPSS rescore
- 2026-06-21 01:59 UTCEPSS rescore
- 2026-06-19 19:25 UTCEPSS rescore
- 2026-06-19 19:25 UTCEPSS rescore
- 2026-06-18 17:52 UTCEPSS rescore
- 2026-06-17 17:53 UTCEPSS rescore
- 2026-06-17 17:53 UTCEPSS rescore
- 2026-06-16 17:52 UTCEPSS rescore
- 2026-06-15 17:48 UTCEPSS rescore
- 2026-06-15 03:38 UTCVendor advisory
- 2026-06-14 23:46 UTCVendor advisory
- 2026-06-14 23:18 UTCEPSS rescore
- 2026-06-14 19:52 UTCVendor advisory
- 2026-06-13 23:00 UTCEPSS rescore
- 2026-06-12 23:12 UTCEPSS rescore
- 2026-06-12 23:12 UTCEPSS rescore
- 2026-06-12 06:20 UTCVendor advisory
- 2026-06-12 02:32 UTCVendor advisory
- 2026-06-11 22:42 UTCVendor advisory
- 2026-06-11 18:53 UTCVendor advisory
- 2026-06-11 14:00 UTCEPSS rescore
- 2026-06-10 22:18 UTCEPSS rescore
- 2026-06-10 22:18 UTCEPSS rescore
- 2026-06-10 19:49 UTCVendor advisory
- 2026-06-10 16:00 UTCVendor advisory
- 2026-06-10 13:22 UTCEPSS rescore
- 2026-06-10 12:11 UTCVendor advisory
- 2026-06-10 08:22 UTCVendor advisory
- 2026-06-10 04:08 UTCVendor advisory
- 2026-06-10 00:19 UTCVendor advisory
- 2026-06-09 17:41 UTCVendor advisory
- 2026-06-09 13:52 UTCVendor advisory
- 2026-06-09 10:02 UTCVendor advisory
- 2026-06-08 14:17 UTCEPSS rescore
- 2026-06-08 14:17 UTCEPSS rescore
- 2026-06-08 12:08 UTCVendor advisory
- 2026-06-08 08:10 UTCVendor advisory
- 2026-06-08 04:21 UTCVendor advisory
- 2026-06-08 00:32 UTCVendor advisory
- 2026-06-07 20:19 UTCVendor advisory
- 2026-06-07 16:30 UTCVendor advisory
- 2026-06-07 15:25 UTCEPSS rescore
- 2026-06-07 15:25 UTCEPSS rescore
- 2026-06-07 15:25 UTCEPSS rescore
- 2026-06-07 12:40 UTCVendor advisory
- 2026-06-07 08:51 UTCVendor advisory
- 2026-06-07 05:01 UTCVendor advisory
- 2026-06-06 13:47 UTCEPSS rescore
- 2026-06-06 13:47 UTCEPSS rescore
- 2026-06-06 08:55 UTCVendor advisory
- 2026-06-05 22:47 UTCEPSS rescore
- 2026-06-05 22:47 UTCEPSS rescore
- 2026-06-05 12:16 UTCVendor advisory
- 2026-06-05 06:10 UTCEPSS rescore
- 2026-06-05 06:10 UTCEPSS rescore
- 2026-06-04 21:04 UTCVendor advisory
- 2026-06-04 13:12 UTCEPSS rescore
- 2026-06-04 13:12 UTCEPSS rescore
- 2026-06-03 22:48 UTCVendor advisory
Related CVEs(same vendor + same CWE)
Same vendor
10 shownmsrc · redhat
Same CWE
10 shownCWE-120 · CWE-131
- CVE-2010-10016EG 10.0CRITICAL
- CVE-2009-0948EG 9.8CRITICAL
- CVE-2006-3100EG 9.8CRITICAL
- CVE-2009-5041EG 9.8CRITICAL
- CVE-2010-5333EG 9.8EPSS 97%CRITICAL
- CVE-2004-1363EG 9.8EPSS 95%CRITICAL
- CVE-2004-0434EG 9.8EPSS 94%CRITICAL
- CVE-2003-0899EG 9.8EPSS 97%CRITICAL
- CVE-2002-1347EG 9.8EPSS 93%CRITICAL
- CVE-2001-0248EG 9.8EPSS 95%CRITICAL
Frequently asked(5)
What is CVE-2026-27820?
When was CVE-2026-27820 disclosed?
Is CVE-2026-27820 actively exploited?
What is the CVSS score of CVE-2026-27820?
How do I remediate CVE-2026-27820?
Dependency Blast Radius
See which npm, PyPI, Go, and Maven packages are affected by CVE-2026-27820
Is Your Infrastructure Affected by CVE-2026-27820?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.