CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,398 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 135 of 148
- CVE-2026-34696HIGHCVSS 7.8EG 7.82026-06-09
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha…
- CVE-2026-34734HIGHCVSS 7.8EG 7.82026-04-09
HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in …
- CVE-2026-34757MEDIUMCVSS 5.1EG 5.12026-04-09
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get…
- CVE-2026-34764LOWCVSS 2.3EG 2.32026-04-06
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures ma…
- CVE-2026-34770HIGHCVSS 7.0EG 7.02026-04-04
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor module may be vulnerable to a use-after-fre…
- CVE-2026-34771HIGHCVSS 8.8EG 7.52026-04-04
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler() m…
- CVE-2026-34772MEDIUMCVSS 5.8EG 5.82026-04-04
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vul…
- CVE-2026-34774HIGHCVSS 8.1EG 8.12026-04-04
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open() may be vulner…
- CVE-2026-34854MEDIUMCVSS 5.7EG 5.72026-04-13
UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
- CVE-2026-34859MEDIUMCVSS 5.9EG 5.92026-04-13
UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
- CVE-2026-34983MEDIUMCVSS 5.0EG 5.02026-04-09
Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder…
- CVE-2026-35416HIGHCVSS 7.0EG 7.02026-05-12
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2026-35418HIGHCVSS 7.8EG 7.82026-05-12
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
- CVE-2026-35554HIGHCVSS 8.7EG 8.72026-04-07
A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containi…
- CVE-2026-3593CRITICALCVSS 9.8EG 7.42026-05-20
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and…
- CVE-2026-3777MEDIUMCVSS 5.5EG 5.52026-04-01
The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the o…
- CVE-2026-3779HIGHCVSS 7.8EG 7.82026-04-01
The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially …
- CVE-2026-38753HIGHCVSS 7.5EG 7.52026-07-15
A use-after-free in the awk_sub() function (editors/awk.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AWK script.
- CVE-2026-39316MEDIUMCVSS 4.0EG 4.02026-04-07
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) when temporary printers are automaticall…
- CVE-2026-39872MEDIUMCVSS 6.5EG 6.52026-06-29
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2026-40215MEDIUMCVSS 6.1EG 6.12026-06-08
A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion.
- CVE-2026-40290HIGHCVSS 7.8EG 7.82026-06-03
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free (UAF) race …
- CVE-2026-40311MEDIUMCVSS 5.5EG 5.52026-04-13
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from a…
- CVE-2026-40358HIGHCVSS 8.4EG 8.42026-05-12
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-40359HIGHCVSS 7.8EG 7.82026-05-12
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-40361HIGHCVSS 8.4EG 8.42026-05-12
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-40366HIGHCVSS 8.4EG 8.42026-05-12
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2026-40382HIGHCVSS 7.8EG 7.82026-05-12
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
- CVE-2026-40402CRITICALCVSS 9.3EG 9.32026-05-12
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
- CVE-2026-40406HIGHCVSS 7.5EG 7.52026-05-12
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
- CVE-2026-40408HIGHCVSS 7.8EG 7.82026-05-12
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
- CVE-2026-40410HIGHCVSS 7.0EG 7.02026-05-12
Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.
- CVE-2026-40415HIGHCVSS 8.1EG 8.12026-05-12
Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
- CVE-2026-40418HIGHCVSS 7.8EG 7.82026-05-12
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
- CVE-2026-40419HIGHCVSS 7.8EG 7.82026-05-12
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
- CVE-2026-40467HIGHCVSS 7.5EG 7.52026-07-13
Use After Free vulnerability has been found in "io.c" program file of gawk (do_getline_redir() routine). This issue may lead to a crash. It affects gawk in versions 5.4.0 and below.
- CVE-2026-40701MEDIUMCVSS 4.8EG 4.82026-05-13
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters are configured …
- CVE-2026-41095HIGHCVSS 7.8EG 7.82026-05-12
Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.
- CVE-2026-41156HIGHCVSS 7.7EG 7.72026-06-19
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario. A shared resource (memory page) managed by a CPU thread of control (…
- CVE-2026-41158HIGHCVSS 7.8EG 7.82026-06-12
Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used…
- CVE-2026-41218HIGHCVSS 7.5EG 7.52026-05-13
When BIG-IP PEM iRules are configured on a virtual server (iRules using commands starting with CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and the urlcatquery command), undisclosed traffic can cause the Traffic Management Microkernel (TMM)…
- CVE-2026-41401MEDIUMCVSS 6.5EG 6.52026-05-26
libyang before 5.2.6 contains a heap use-after-free write vulnerability in lyd_parser_set_data_flags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability b…
- CVE-2026-4148HIGHCVSS 8.8EG 8.82026-03-17
A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.
- CVE-2026-41982MEDIUMCVSS 6.4EG 6.42026-06-09
Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-42530HIGHCVSS 8.1EG 8.12026-06-17
NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially c…
- CVE-2026-4271MEDIUMCVSS 5.3EG 5.32026-03-17
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests t…
- CVE-2026-42825HIGHCVSS 7.0EG 7.02026-05-12
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
- CVE-2026-42836HIGHCVSS 7.0EG 7.02026-06-09
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
- CVE-2026-42900HIGHCVSS 8.1EG 8.12026-07-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows App Store allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-42905HIGHCVSS 7.8EG 7.82026-06-09
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →