CWE-126— Buffer Over-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.— MITRE CWE catalog
451 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-126page 9 of 10
- CVE-2025-62462HIGHCVSS 7.8EG 7.82025-12-09
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- CVE-2025-62464HIGHCVSS 7.8EG 7.82025-12-09
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- CVE-2025-62467HIGHCVSS 7.8EG 7.82025-12-09
Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- CVE-2025-62473MEDIUMCVSS 6.5EG 6.52025-12-09
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-62560HIGHCVSS 7.8EG 7.82025-12-09
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2025-62787HIGHCVSS 7.5EG 7.52025-10-29
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.10.2, a buffer over-read occurs in DecodeWinevt() when child_attr[p]->attributes[j] is accessed, because the corresponding index (j) i…
- CVE-2025-62792HIGHCVSS 7.5EG 7.52025-10-29
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match() when strlen() is called on str_test, because the corresponding buffer is not b…
- CVE-2025-63602HIGHCVSS 7.3EG 7.32025-11-18
A vulnerability was discovered in Awesome Miner thru 11.2.4 that allows arbitrary read and write to kernel memory and MSRs (such as LSTAR) as an unprivileged user. This is due to the implementation of an insecure version of WinRing0 (1.2.0…
- CVE-2025-66692HIGHCVSS 7.5EG 7.52026-01-20
A buffer over-read in the PublicKey::verify() method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2025-7745MEDIUMCVSS 5.8EG 5.82025-07-24
Buffer Over-read vulnerability in ABB AC500 V2.This issue affects AC500 V2: through 2.5.2.
- CVE-2026-0930MEDIUMCVSS 4.3EG 4.32026-04-20
Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory t…
- CVE-2026-11787MEDIUMCVSS 6.3EG 5.02026-06-09
A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing…
- CVE-2026-20846HIGHCVSS 7.5EG 7.52026-02-10
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
- CVE-2026-21367HIGHCVSS 7.6EG 7.62026-04-06
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
- CVE-2026-21371HIGHCVSS 7.8EG 7.82026-04-06
Memory Corruption when retrieving output buffer with insufficient size validation.
- CVE-2026-21373HIGHCVSS 7.8EG 7.82026-04-06
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
- CVE-2026-21374HIGHCVSS 7.8EG 7.82026-04-06
Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.
- CVE-2026-21375HIGHCVSS 7.8EG 7.82026-04-06
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
- CVE-2026-21376HIGHCVSS 7.8EG 7.82026-04-06
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
- CVE-2026-21378HIGHCVSS 7.8EG 7.82026-04-06
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
- CVE-2026-21379HIGHCVSS 7.8EG 7.82026-07-06
Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.
- CVE-2026-21381HIGHCVSS 7.6EG 7.62026-04-06
Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.
- CVE-2026-2394MEDIUMCVSS 6.5EG 6.52026-04-01
Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before …
- CVE-2026-24028MEDIUMCVSS 5.3EG 5.32026-03-31
An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of s…
- CVE-2026-25646HIGHCVSS 8.1EG 8.12026-02-10
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function.…
- CVE-2026-26155MEDIUMCVSS 6.5EG 6.52026-04-14
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
- CVE-2026-26169MEDIUMCVSS 6.1EG 6.12026-04-14
Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.
- CVE-2026-26184HIGHCVSS 7.8EG 7.82026-04-14
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- CVE-2026-28364HIGHCVSS 7.8EG 7.92026-02-27
In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the r…
- CVE-2026-34059HIGHCVSS 7.5EG 7.52026-05-04
Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
- CVE-2026-34336HIGHCVSS 7.8EG 7.82026-05-12
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- CVE-2026-37532HIGHCVSS 7.1EG 7.12026-05-01
AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, …
- CVE-2026-40210MEDIUMCVSS 4.8EG 4.82026-06-25
An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.
- CVE-2026-40341LOWCVSS 3.5EG 3.52026-04-18
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b3…
- CVE-2026-41898CRITICALCVSS 9.8EG 9.82026-04-24
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_state…
- CVE-2026-41992HIGHCVSS 7.5EG 7.52026-06-29
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array th…
- CVE-2026-42828HIGHCVSS 7.8EG 7.82026-06-09
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
- CVE-2026-4371HIGHCVSS 7.4EG 7.42026-03-24
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfu…
- CVE-2026-44185HIGHCVSS 7.3EG 7.32026-06-08
Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, w…
- CVE-2026-45460MEDIUMCVSS 4.7EG 4.72026-06-09
Buffer over-read in Microsoft Office allows an unauthorized attacker to disclose information locally.
- CVE-2026-45684MEDIUMCVSS 5.3EG 5.32026-05-18
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using …
- CVE-2026-50813MEDIUMCVSS 5.5EG 6.12026-07-08
An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path
- CVE-2026-5260HIGHCVSS 8.2EG 8.22026-05-26
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption…
- CVE-2026-5772MEDIUMCVSS 5.3EG 5.32026-04-09
A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * exhausts the entire hostname string, the …
- CVE-2026-58010HIGHCVSS 8.2EG 6.52026-06-30
A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bound…
- CVE-2026-58012HIGHCVSS 8.2EG 6.52026-06-30
A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using …
- CVE-2026-58013HIGHCVSS 8.2EG 6.52026-06-30
A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This v…
- CVE-2026-6238MEDIUMCVSS 6.5EG 6.52026-04-28
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG rec…
- CVE-2026-6532MEDIUMCVSS 5.5EG 5.52026-04-30
Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
- CVE-2026-6575MEDIUMCVSS 4.3EG 4.32026-05-14
Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that arra…
Map vulnerabilities like CWE-126 to your infrastructure
EchelonGraph correlates every CVE — across CWE-126 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →