Cert.Pl
Multiple Vulnerabilities Discovered in GNU gawk Software
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
CERT Polska reported several vulnerabilities in GNU gawk software, including CVE-2026-40467, CVE-2026-40468, CVE-2026-40469, and CVE-2026-40553. The vulnerabilities include a use-after-free issue, integer overflows, and a buffer overflow, primarily affecting 32-bit builds of gawk. These vulnerabilities could lead to crashes and potential code execution, although the latter remains unconfirmed. All identified vulnerabilities were fixed in release 5.4.1 of gawk. The vulnerabilities were disclosed on July 13, 2026, and affected versions include 5.4.0 and below. CERT Polska acknowledged the responsible reporting by Michał Majchrowicz and Marcin Wyczechowski from AFINE.
Key Points: • Four vulnerabilities in GNU gawk software were disclosed, including critical integer overflows. • CVE-2026-40469 affects 32-bit builds of gawk and could lead to program crashes. • All vulnerabilities were patched in gawk version 5.4.1, released on July 13, 2026.