HighPublic exploit

Integer overflow in glibc memalign-family functions leads to heap corruption

IdentifiersCVE-2026-0861CWE-190· Integer Overflow or Wraparound

CVE-2026-0861 is an integer overflow vulnerability in the GNU C Library (glibc) memalign allocation family affecting versions 2.30 through 2.42. The issue occurs when excessively large alignment values are passed to memalign, posix_memalign, or aligned_alloc; related descriptions also mention valloc and pvalloc. If the caller supplies an alignment large enough to cause arithmetic on allocation size/alignment metadata to overflow size_t, the resulting miscalculation can lead to heap corruption. The advisory states exploitation requires attacker control over both the requested allocation size and the alignment argument. The size must be close to PTRDIFF_MAX, and the malicious alignment values are highly constrained: for memalign, roughly in the range [2^62 + 1, 2^63], and for posix_memalign and aligned_alloc, exactly 2^63. In typical software, alignment arguments are usually fixed, trusted values such as page size or structure alignment, which makes practical exploitation less common.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can corrupt the heap of the target process. Depending on allocator state, application behavior, and surrounding memory-safety conditions, this may result in process crashes, memory corruption, denial of service, and potentially arbitrary code execution. The supplied context also notes high confidentiality, integrity, and availability impact in the CVSS record, but practical exploitability is constrained by the unusual argument requirements.

Mitigation

If you can’t patch tonight, do this now.

Where immediate patching is not possible, prevent attacker influence over alignment arguments passed to memalign-family functions. Enforce strict validation of alignment inputs, including reasonable upper bounds and expected constraints such as power-of-two requirements where applicable. Reject or sanitize abnormally large allocation sizes, especially values approaching PTRDIFF_MAX. Because exploitation may depend on an upstream application bug that allows attacker control of alignment, audit adjacent integer-handling and buffer-management code paths. Standard hardening measures such as ASLR and heap hardening may reduce exploit reliability but do not fix the underlying flaw.

Remediation

Patch, then assume compromise.

Upgrade glibc to version 2.43 or later, or apply the vendor/distribution backported fixes for affected stable branches. The provided context states fixes were backported across supported branches 2.30 through 2.42. After patching, rebuild or redeploy affected systems, containers, or applications so they link against the corrected glibc. Review any application code that passes externally influenced values into memalign, posix_memalign, or aligned_alloc and correct unsafe argument handling.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

GNU ProjectGlibcapplication

GNU ProjectGnu C Library (Glibc)application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

24 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

24 SOURCESView more in app

help net securityNews

Mar 2, 2026

IPFire ships its 200th core update with a new domain blocklist and kernel upgrade - Help Net Security

A glibc vulnerability patched in IPFire Core Update 200.

security online infoNews

Jan 19, 2026

Decades-Old Flaw & New Heap Corruption: Critical glibc Bugs Revealed

Integer overflow in glibc memory-alignment allocation functions (memalign/posix_memalign/aligned_alloc) that can result in heap corruption under specific, uncommon argument conditions.

cvefeed high severityNews

Jan 14, 2026

CVE-2026-0861 - Integer overflow in memalign leads to heap corruption

An integer overflow (CWE-190) in GNU C Library (glibc) memalign-family functions when given an excessively large alignment value, potentially leading to heap corruption.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity18

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-0861

NVD

nvd.nist.gov/vuln/detail/CVE-2026-0861

MITRE CWE · CWE-190

Integer Overflow or Wraparound

Patch

openwall.com/lists/oss-security/2026/01/16/5

Patch

sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001

Exploit

sourceware.org/bugzilla/show_bug.cgi?id=33796