Critical Wget Vulnerabilities Affect Multiple Ubuntu Versions

Critical Wget Vulnerabilities Affect Multiple Ubuntu Versions

First seen 15 Jul 2026, 08:28 UTC UbuntuLinuxsecurityubuntu.com 95% similarity 70.5

Article Content

Browse articles
ThreatCluster

Multiple vulnerabilities were discovered in Wget, affecting Ubuntu versions 14.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, 24.04 LTS, and 26.04 LTS. CVE-2024-38428 allows remote attackers to trick users into connecting to unintended hosts via URL manipulation. CVE-2026-58469 and CVE-2026-58471 can lead to denial of service or arbitrary code execution due to mishandling of Metalink documents and character set conversion, respectively. CVE-2026-58470 involves an integer overflow from incorrect handling of Content-Range header values, potentially causing download desynchronization. The vulnerabilities were published on July 7, 2026, and are critical for users of affected Ubuntu versions. Users are advised to update their systems to mitigate these risks.

Key Points: • Wget vulnerabilities affect multiple Ubuntu LTS versions, including 14.04 to 26.04. • CVE-2024-38428 allows attackers to redirect users to unintended hosts. • CVE-2026-58469 and CVE-2026-58471 can lead to denial of service or code execution.

ThreatCluster AI

Timeline

2024-06-16
CVE-2024-38428 published
Wget mishandles semicolons in URLs, affecting Ubuntu 14.04 LTS, allowing user redirection.
Ubuntu
2026-07-07
CVE-2026-58469 published
Wget incorrectly handles whitespace-only URLs in Metalink documents, affecting multiple Ubuntu versions.
Ubuntu
2026-07-07
CVE-2026-58470 published
Integer overflow in Content-Range header values leads to download desynchronization in Wget.
Ubuntu
2026-07-07
CVE-2026-58471 published
Wget mishandles character set conversion of server-supplied filenames, risking denial of service or code execution.
Ubuntu
2026-07-07
CVE-2026-58472 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-07-14
Security updates released
Ubuntu released updates for Wget across affected versions to address the vulnerabilities.
Linuxsecurity

Community

Browse all →