CVE-2026-6069 describes a stack-based buffer overflow in the disasm() function of the Netwide Assembler (NASM). The flaw arises when formatting disassembly output: an attacker who supplies input whose formatted output exceeds the buffer's capacity causes an out-of-bounds write. The vulnerability affects NASM versions 3.02rc5 through nasm-3.02rc5, and no official patch has been released so far.
The affected function, disasm(), generates disassembly output. The stack-based buffer overflow occurs when the length of the output string (slen) exceeds the allocated buffer capacity. This allows an attacker to write out of bounds, potentially compromising system integrity. No direct fix is available (fix: none). The severity stems from the potential for remote code execution if the flaw is exploited successfully, which could result in system takeover. Because there is no official patch, NASM users should be extremely cautious when processing disassembled code from untrusted sources. The absence of a KEV (Kernel Exploit Vulnerability) indicates the vulnerability resides in user space, but still poses a significant risk.
CVE-2026-6069 is exploited by providing the disasm() function with input that produces an output string (slen) exceeding the allocated buffer capacity. This can be achieved by manipulating the assembly code being disassembled. An attacker could craft specially designed assembly code to trigger this buffer overflow. Exploitation requires control over the input provided to NASM, meaning it is more likely to affect applications using NASM to disassemble code from external sources. The complexity of exploitation depends on the attacker's ability to control the input and their understanding of the disasm() function and its memory handling. The lack of a KEV suggests exploitation does not require kernel privileges, but does require access to the application using NASM.
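The page does not show NASM's source, so the following is an added C illustration of the bug class described above (a running length such as slen passing the buffer capacity while output is formatted piece by piece) and of a bounded alternative. It is not NASM's code; struct outbuf, outbuf_appendf and demo_format are hypothetical names, and the operands are constructed sample data.

```c
#include <stdarg.h>
#include <stdio.h>

/* Hypothetical line buffer; names are illustrative, not NASM's own. */
struct outbuf {
    char  *buf;        /* caller-provided storage */
    size_t cap;        /* capacity in bytes, including the NUL */
    size_t slen;       /* bytes written so far; invariant: slen < cap */
    int    truncated;  /* set once any append did not fit */
};

/* vsnprintf() returns the length the text WOULD have had, so an unchecked
 * "slen += n" can push slen past cap; the next "cap - slen" then wraps to
 * a huge size_t and the write lands outside the buffer. Clamp instead. */
static int outbuf_appendf(struct outbuf *o, const char *fmt, ...)
{
    va_list ap;
    size_t room;
    int n;

    if (o->cap == 0 || o->slen >= o->cap)
        return -1;                      /* invariant broken: refuse to write */
    room = o->cap - o->slen;            /* >= 1, cannot wrap */
    va_start(ap, fmt);
    n = vsnprintf(o->buf + o->slen, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {   /* error, or output cut short */
        if (n >= 0)
            o->slen = o->cap - 1;       /* buffer is full, NUL included */
        o->buf[o->slen] = '\0';
        o->truncated = 1;
        return -1;
    }
    o->slen += (size_t)n;
    return 0;
}

/* Constructed demo: "mov " plus nops memory operands into dst[cap]. */
static size_t demo_format(char *dst, size_t cap, int nops, int *truncated)
{
    struct outbuf o = { dst, cap, 0, 0 };
    int i;

    outbuf_appendf(&o, "mov ");
    for (i = 0; i < nops; i++)
        outbuf_appendf(&o, "%s[0x%08x]", i ? "," : "", 0x1000u + (unsigned)i);
    *truncated = o.truncated;
    return o.slen;
}
```

Building code of this shape with -fsanitize=address or -D_FORTIFY_SOURCE=2 makes an out-of-bounds formatted write abort at the faulting call rather than silently corrupting the stack.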
Exploit Status
EPSS: 0.05% (14th percentile)
Given the absence of a patch for CVE-2026-6069, mitigation focuses on risk reduction. The primary recommendation is to avoid using NASM to disassemble code from untrusted sources. If disassembly of unknown sources is necessary, it should be performed in an isolated environment, such as a virtual machine or container, to limit the potential impact of a successful exploitation. Furthermore, closely monitor systems using NASM for suspicious activity. Upgrading to a future version of NASM, once a fix is available, is the definitive solution. Implementing strict access controls and input validation can also help mitigate the risk. Limiting the privileges of the user running NASM is also a good practice.
Upgrade to a fixed version of NASM. The vulnerability has been fixed in versions after 3.02rc5. See the release notes for details on the update.
It means that there is currently no patch available for this vulnerability.
Yes, if you are using NASM and processing code from untrusted sources, you are at risk.
Avoid disassembling code from unknown sources, use isolated environments, and monitor your system for suspicious activity.
There is no estimated date for a patch. Check for official NASM updates.
KEV stands for Kernel Exploit Vulnerability. The absence of a KEV indicates the vulnerability resides in user space.