{"id":"CVE-2026-3994","details":"A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X86_64::initialize_sections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.","modified":"2026-03-15T22:09:13.843447Z","published":"2026-03-12T06:16:32.167Z","references":[{"type":"WEB","url":"https://vuldb.com/?submit.769772"},{"type":"WEB","url":"https://github.com/oneafter/0209/blob/main/mo2/repro"},{"type":"WEB","url":"https://github.com/rui314/mold/"},{"type":"WEB","url":"https://vuldb.com/?ctiid.350476"},{"type":"WEB","url":"https://vuldb.com/?id.350476"},{"type":"REPORT","url":"https://github.com/rui314/mold/issues/1548"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3994.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"an"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}]}