CVE-2026-44673: libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an
Summary
libyang is a library for working with YANG (a data modeling language used in network configuration). Before version 5.2.15, the lyb_read_string() function had an integer overflow vulnerability (where a number calculation wraps around and causes unexpected behavior), which could lead to a heap buffer overflow (writing data past the end of allocated memory) when processing malicious LYB binary data. An attacker who can send LYB data to systems using libyang could crash the program or corrupt memory.
Solution / Mitigation
This vulnerability is fixed in SO 5.2.15. Update libyang to version 5.2.15 or later.
Vulnerability Details
CVSS score: 7.5 (high)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack vector: network
Attack complexity: low
Privileges required: none
User interaction: none
May 14, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-44673
First tracked: May 14, 2026 at 08:12 PM
Classified by LLM (prompt v3) · confidence: 72%