CVE-2026-41907

· NIST NVD ↗

uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 14.0.0.

HIGH
CVSS severity
7.5
CVSS base score
2026-04-24
Published

CWE codes

CWE-787CWE-823

Affected products

uuidjs:uuid

Sources