Vulnerability DatabaseCVE-2026-40026

CVE-2026-40026:
CBL Mariner vulnerability analysis and mitigation

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SUSP block. An attacker can craft a malicious ISO image that causes reads past the end of the SUSP data buffer, and a zero-length SUSP entry can trigger an infinite parsing loop.

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

4.8

Score

Published April 8, 2026

Severity MEDIUM

CNA Score 4.8

Affected Technologies

CBL Mariner
Linux Debian

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 2.4

Exploitation Probability (EPSS) N/A

Affected packages and libraries

sleuthkit

Sources

NVD
CBL-Mariner
- CBL-Mariner 3.0 Severity MEDIUMHas FixAdded at: Apr 15, 2026
Debian Security Tracker
- Debian 11, 12, 13, 14 Severity LOWNo FixAdded at: Apr 09, 2026
Echo
- Echo Severity MEDIUMNo FixAdded at: Apr 09, 2026

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related CBL Mariner vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-40024	HIGH	8.4	CBL Mariner	sleuthkit	No	Yes	Apr 08, 2026
CVE-2026-35535	HIGH	7.4	CBL Mariner	seal-sudo	No	Yes	Apr 03, 2026
CVE-2026-31394	MEDIUM	5.5	Linux Kernel	kernel-zfcpdump-modules-core	No	Yes	Apr 03, 2026
CVE-2026-40026	MEDIUM	4.8	CBL Mariner	sleuthkit	No	Yes	Apr 08, 2026
CVE-2026-40025	MEDIUM	4.8	CBL Mariner	sleuthkit	No	Yes	Apr 08, 2026