Platform: linux
Component: binutils
Fixed in: 2.41
A Denial of Service (DoS) vulnerability has been identified in the readelf utility shipped with the Binutils package. A local attacker can trigger it by supplying a specially crafted Executable and Linkable Format (ELF) file to readelf, crashing the utility. Binutils versions 2.31 through 2.40 are affected; the fix is included in version 2.41.
Successful exploitation of CVE-2026-6844 allows a local attacker to crash the readelf utility, disrupting debugging, build and analysis workflows that rely on it. The vulnerability manifests in two ways: resource exhaustion that drives readelf into an out-of-memory condition, and a null pointer dereference that causes a segmentation fault. The segmentation fault terminates only the readelf process. The resource-exhaustion path is the more concerning one: if readelf runs without a memory limit (ulimit, cgroup or container limit), a single crafted file can consume system memory and affect other processes, particularly on resource-constrained hosts, and repeated exploitation could degrade system stability.
CVE-2026-6844 was publicly disclosed on 2026-04-22. Its severity is rated as MEDIUM. No public proof-of-concept (PoC) code has been released as of this writing. The vulnerability is not currently listed on the CISA KEV catalog. Exploitation requires local access to the system and the ability to provide a crafted ELF file to the readelf utility. In practice that includes any automated pipeline (CI, packaging, malware triage) that runs readelf on files from untrusted sources: the attacker only needs to get the file in front of readelf, not a shell on the host.
Exploit Status
EPSS: 0.02% (5th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2026-6844 is to upgrade to Binutils version 2.41 or later, which contains the fix. If an immediate upgrade is not feasible, restrict use of readelf to trusted users and avoid running it on ELF files from untrusted sources; where that is unavoidable, run it under a memory limit (ulimit -v or a cgroup) and a timeout so that the out-of-memory path cannot affect the rest of the host. A WAF rule does not apply, since readelf is a local command-line tool rather than a network service. There are no specific Sigma or YARA rules available at this time; watching for repeated readelf crashes (SIGSEGV) or unusual memory growth in readelf processes is the most practical detection. After upgrading, confirm the installed version with readelf --version (distributions that backport the fix may keep a lower version number, so also check the package changelog or vendor advisory) and, if a sample file that triggers the crash is available, verify that the updated readelf handles it without crashing.
Update the binutils package to version 2.41 or higher to mitigate the denial of service vulnerabilities. Apply the security updates provided by your Linux distribution vendor (Red Hat in this case); vendors commonly backport the fix into an older package version, so rely on the vendor advisory rather than the upstream version number alone. Refer to Red Hat documentation for specific instructions on how to apply security updates.
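The version check and the interim containment described above, as an added example script that is not part of this advisory or of the Binutils project. It assumes a POSIX shell on Linux, GNU coreutils timeout and readelf on PATH; the function names (is_affected, parse_readelf_version, installed_readelf_status, safe_readelf), the 512 MiB memory cap and the 30-second timeout are this example's own choices, not values from the advisory.

```shell
#!/bin/sh
# Added example, not from the advisory or Binutils: check whether the
# installed readelf falls in the affected 2.31..2.40 range, and run readelf
# on untrusted ELF input under resource limits until the host is upgraded.
# Note: a distribution that backported the fix may still report a version
# inside the range; treat "affected" as "check the vendor advisory".

# is_affected VERSION: returns 0 if 2.31 <= VERSION <= 2.40 (the range the
# advisory names), 1 otherwise or if VERSION is not "MAJOR.MINOR[...]".
is_affected() {
  major=${1%%.*}
  rest=${1#*.}
  minor=${rest%%.*}
  case "$major" in ''|*[!0-9]*) return 1 ;; esac
  case "$minor" in ''|*[!0-9]*) return 1 ;; esac
  if [ "$major" -eq 2 ] && [ "$minor" -ge 31 ] && [ "$minor" -le 40 ]; then
    return 0
  fi
  return 1
}

# parse_readelf_version TEXT: pull MAJOR.MINOR out of the first line of
# `readelf --version`, e.g. "GNU readelf (GNU Binutils for Ubuntu) 2.38".
# Snapshot strings such as "2.40.50.20230101" reduce to "2.40". Prints
# nothing if no version-looking token is found.
parse_readelf_version() {
  printf '%s\n' "$1" | sed -n '1s/.*[^0-9.]\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# installed_readelf_status: prints "affected <ver>", "ok <ver>" or "missing".
installed_readelf_status() {
  if ! command -v readelf >/dev/null 2>&1; then
    echo missing
    return 0
  fi
  v=$(parse_readelf_version "$(readelf --version 2>/dev/null)")
  if is_affected "$v"; then
    echo "affected $v"
  else
    echo "ok $v"
  fi
}

# safe_readelf FILE [READELF_OPTIONS...]: run readelf on an untrusted file in
# a subshell with a virtual-memory cap (KiB) and a wall-clock timeout, so the
# out-of-memory path cannot exhaust host memory and a hang cannot block a
# pipeline. The limits are illustrative; tune them for your inputs.
safe_readelf() {
  file=$1
  shift
  ( ulimit -v 524288 && exec timeout 30 readelf "$@" -- "$file" )
}

# Usage when run as a script with a file argument: report the installed
# readelf, then dump the file's ELF header under limits.
if [ -n "${1:-}" ]; then
  installed_readelf_status
  safe_readelf "$1" -h
fi
```

On a host that has already upgraded, installed_readelf_status prints "ok 2.41" (or later); on an unpatched one it prints "affected 2.3x", which is the cue to apply the vendor update and, in the meantime, to route untrusted files through safe_readelf rather than bare readelf.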
CVE-2026-6844 is a Denial of Service vulnerability in Binutils versions 2.31 through 2.40. A crafted ELF file can crash the readelf utility.
You are affected if the readelf on your system comes from Binutils versions 2.31 through 2.40 and your distribution has not shipped the fix (check readelf --version and your vendor's advisory). Upgrade to version 2.41 or later to mitigate the risk.
Upgrade to Binutils version 2.41 or later. If an upgrade is not immediately possible, restrict access to the readelf utility.
As of the last update, there are no confirmed reports of active exploitation, but it is recommended to apply the patch promptly.
Refer to the Binutils project website or your Linux distribution's security advisories for the official advisory regarding CVE-2026-6844.