Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceCVE-2026-40385

CVE-2026-40385

MEDIUM4.0

In libexif through 0

Published Apr 12, 2026

Modified 1 weeks ago

Details

In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.

References

https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58

https://www.cve.org/CVERecord?id=CVE-2026-40385

CVSS Analysis

CVSS v3.1

4.0

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

NoneI:N

Availability

LowA:L

4/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Weakness Type (CWE)

Other

Ecosystems

Timeline

PublishedApr 12, 2026

ModifiedApr 14, 2026

CVE-2026-40385 | Mondoo Vulnerability Intelligence