CVE-2026-41907: Out-of-Bounds Write in uuid npm Package via Missing Boundary Checks

DEV Community·CVE Reports·28 days ago

Vulnerability ID: CVE-2026-41907
CVSS Score: 8.1
Published: 2026-04-24

The widely used uuid npm package suffers from an out-of-bounds write vulnerability in its v3, v5, and v6 generation functions. By passing an improperly sized buffer or offset, attackers can cause silent partial writes, leading to data corruption and application logic flaws.

TL;DR

CVE-2026-41907 is an out-of-bounds write vulnerability affecting the uuid JavaScript library prior to version 14.0.0. Missing buffer boundary validations in the v3, v5, and v6 UUID functions allow truncation of generated identifiers without triggering exceptions, enabling data integrity degradation and potential application-level exploitation.…
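The silent partial write described above, shown next to a caller-side bounds check, as an added example that is not the uuid package's code and not part of the original report. `uncheckedWrite` is a hypothetical stand-in for a generator that copies 16 bytes into a caller-supplied buffer without validation, `checkedWrite` and `bytesStored` are illustrative helpers, and `SAMPLE` is a constructed value.

```javascript
// Added example: stand-in functions, not the uuid package's source.
const UUID_LEN = 16;

// Constructed 16-byte value standing in for a generated UUID.
const SAMPLE = Uint8Array.from({ length: UUID_LEN }, (_, i) => 0xa0 + i);

// Mimics a generator that copies into a caller buffer with no bounds check.
// Typed arrays silently drop writes at out-of-range indices, so nothing throws.
function uncheckedWrite(bytes, buf, offset = 0) {
  for (let i = 0; i < UUID_LEN; i++) buf[offset + i] = bytes[i];
  return buf;
}

// Caller-side guard: reject any buffer/offset pair that cannot hold 16 bytes.
function checkedWrite(bytes, buf, offset = 0) {
  if (!(buf instanceof Uint8Array)) throw new TypeError('buf must be a Uint8Array');
  if (!Number.isInteger(offset) || offset < 0 || offset + UUID_LEN > buf.length) {
    throw new RangeError(
      `UUID byte range ${offset}:${offset + UUID_LEN - 1} is out of buffer bounds`);
  }
  return uncheckedWrite(bytes, buf, offset);
}

// Counts how many of the 16 bytes actually landed in buf starting at offset.
function bytesStored(bytes, buf, offset) {
  let n = 0;
  for (let i = 0; i < UUID_LEN; i++) {
    const j = offset + i;
    if (j >= 0 && j < buf.length && buf[j] === bytes[i]) n++;
  }
  return n;
}

// Same undersized request through both paths: 20-byte buffer, offset 10.
function demo() {
  const small = new Uint8Array(20);
  uncheckedWrite(SAMPLE, small, 10); // returns normally, identifier is truncated
  const stored = bytesStored(SAMPLE, small, 10);
  let rejected = false;
  try {
    checkedWrite(SAMPLE, new Uint8Array(20), 10);
  } catch (e) {
    rejected = e instanceof RangeError;
  }
  return { stored, rejected };
}

console.log(demo());
```
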
