CVE-2026-57918
Received Received - Intake
libnfs NFS Server Connection XID Integer Underflow Vulnerability

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: MITRE

Description
libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-57918
EUVD
EUVD-2026-39647
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-191 The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an integer underflow in the xid (transaction identifier) handling within the libnfs library, specifically in the READ_IOVEC function in rpc_read_from_socket. It occurs when connecting to a crafted NFS server that sends a Protocol Data Unit (PDU) where the expected size is larger than the actual size derived from the xid or record marker. This mismatch can cause incorrect calculations leading to an underflow condition.

The underflow can result in improper memory handling, potentially causing buffer overflows or other memory corruption issues.

Impact Analysis

This vulnerability can lead to serious security impacts including high confidentiality and integrity risks, as well as low availability impact. An attacker controlling a malicious NFS server could exploit this flaw to cause memory corruption in the client using libnfs, potentially leading to arbitrary code execution or denial of service.

Mitigation Strategies

To mitigate this vulnerability, update libnfs to a version that includes the fix for the xid integer underflow issue, specifically versions after commit 935b8db712b3c6649bc57ddc276526c4a31680de.

This fix ensures proper validation of the PDU size to prevent the underflow condition that could be exploited by a crafted NFS server.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57918. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart