CVE-2026-24812

CRITICAL

root <6.36.00-rc1 - Info Disclosure

Title source: llm
STIX 2.1

Description

Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inftrees.C. This issue affects root: through 6.36.00-rc1.

References (2)

Core 2

Scores

CVSS v4 9.3
EPSS 0.0029
EPSS Percentile 20.2%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Amber

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-125
Status published
Products (1)
root-project/root < 6.36.00-rc1
Published Jan 27, 2026
Tracked Since Feb 18, 2026