CVE-2026-9539 in libslirpinfo

Summary

by MITRE • 06/24/2026

An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments (e.g., QEMU) allows a privileged guest VM attacker (root or CAP_NET_RAW) to leak gigabytes of sensitive host-process heap memory via sending crafted TCP segments with manipulated URG flags and urgent pointers (ti_urp).

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

STAR Labs

Reservation

05/26/2026

Disclosure

06/24/2026

Moderation

accepted

Entry

VDB-373110

CPE

ready

CWE

CWE-125 (confirmed)

CVSS

6.5 (CNA)

EPSS

0.00106

KEV

Activities

low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-9539
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-9539
CVE Details	https://www.cvedetails.com/cve/CVE-2026-9539/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!