Multiple Vulnerabilities Discovered in GNU gawk Software

Multiple Vulnerabilities Discovered in GNU gawk Software

First seen 14 Jul 2026, 05:56 UTC Cert.PlNvd.Nistcwe.mitre.orgwww.cve.orgcve.org 92% similarity 57.8

Article Content

Browse articles
ThreatCluster

CERT Polska reported several vulnerabilities in GNU gawk software, including CVE-2026-40467, CVE-2026-40468, CVE-2026-40469, and CVE-2026-40553. The vulnerabilities include a use-after-free issue, integer overflows, and a buffer overflow, primarily affecting 32-bit builds of gawk. These vulnerabilities could lead to crashes and potential code execution, although the latter remains unconfirmed. All identified vulnerabilities were fixed in release 5.4.1 of gawk. The vulnerabilities were disclosed on July 13, 2026, and affected versions include 5.4.0 and below. CERT Polska acknowledged the responsible reporting by Michał Majchrowicz and Marcin Wyczechowski from AFINE.

Key Points: • Four vulnerabilities in GNU gawk software were disclosed, including critical integer overflows. • CVE-2026-40469 affects 32-bit builds of gawk and could lead to program crashes. • All vulnerabilities were patched in gawk version 5.4.1, released on July 13, 2026.

ThreatCluster AI

Timeline

2026-07-13
Multiple vulnerabilities disclosed in gawk
CERT Polska reported vulnerabilities CVE-2026-40467, CVE-2026-40468, CVE-2026-40469, and CVE-2026-40553 in GNU gawk software, affecting versions 5.4.0 and below.
Cert.Pl
2026-07-13
CVE-2026-40467 published
Use After Free vulnerability found in io.c of gawk, leading to potential crashes.
Cert.Pl
2026-07-13
CVE-2026-40468 published
Integer overflow vulnerability in builtin.c could lead to memory exhaustion and heap corruption.
Cert.Pl
2026-07-13
CVE-2026-40469 published
Integer overflow vulnerability in builtin.c affecting 32-bit builds, leading to crashes.
Cert.Pl
2026-07-13
CVE-2026-40553 published
Buffer overflow vulnerability in extension/readdir.c could lead to crashes and potential code execution.
Cert.Pl
2026-07-14
NVD details CVE-2026-40469
NVD confirmed details of CVE-2026-40469, emphasizing its impact on 32-bit builds of gawk.
Nvd.Nist

Community

Browse all →