CVE-2025-26519
CVE Details
Visit the official vulnerability details page for CVE-2025-26519 to learn more.
Initial Publication
02/14/2025
Last Update
01/05/2026
Third Party Dependency
musl
NIST CVE Summary
musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.
CVE Severity
Our Official Summary
CVE-2025-26519 is a high-severity out-of-bounds write vulnerability in musl libc, a lightweight implementation of the C standard library widely used in Linux distributions and container environments.
The flaw exists in the iconv() function when converting text from EUC-KR (a Korean character encoding) to UTF-8. Due to insufficient boundary checks in the conversion logic, malicious or untrusted EUC-KR input can trigger an out-of-bounds write, potentially corrupting memory. The issue affects musl libc versions 0.9.13 through 1.2.5 and is fixed in version 1.2.6 and later.
The issue is reported on virtual cluster cluster-api images. This vulnerability is only applicable if virtual clusters are enabled. There is no upstream fix available for this vulnerability. Once available, it will be adopted.
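To check whether the musl in an image falls inside the range stated above, the following added example (not part of this advisory or of any vendor tooling) extracts the version from a musl loader banner and compares it against 0.9.13 through 1.2.5. The banner is a constructed sample and the function names are hypothetical. Distribution packages can carry a backported patch under an unchanged upstream version, so a match marks the image for review.

```shell
#!/bin/sh
# Added example: classify a musl version against this advisory's affected range
# (0.9.13 through 1.2.5, fixed in 1.2.6). Function names are hypothetical.

# Constructed sample of the banner the musl dynamic loader prints when run
# with no arguments (on a real system, typically: /lib/ld-musl-<arch>.so.1 2>&1).
SAMPLE_BANNER='musl libc (x86_64)
Version 1.2.5
Dynamic Program Loader
Usage: /lib/ld-musl-x86_64.so.1 [options] [--] pathname [args]'

# Read a loader banner on stdin, print the first "Version X.Y.Z" value.
musl_version_from_banner() {
    sed -n 's/^Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Turn MAJOR.MINOR.PATCH into one comparable integer (each field < 1000).
ver_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Exit status: 0 = in affected range, 1 = outside it, 2 = cannot be parsed.
is_affected() {
    case $1 in
        ''|*[!0-9.]*|0[0-9]*|*.0[0-9]*) return 2 ;;  # suffixes, leading zeros
    esac
    v=$(ver_to_int "$1")
    [ "$v" -ge "$(ver_to_int 0.9.13)" ] && [ "$v" -lt "$(ver_to_int 1.2.6)" ]
}

# Print affected / not-affected / unknown for one version string.
classify() {
    rc=0
    is_affected "$1" || rc=$?
    case $rc in
        0) echo affected ;;
        1) echo not-affected ;;
        *) echo unknown ;;
    esac
}

detected=$(printf '%s\n' "$SAMPLE_BANNER" | musl_version_from_banner)
echo "musl $detected: $(classify "$detected")"
```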
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.8.13 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.7.29 | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.6.41 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.5.22 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
Revision History
| Date | Revision |
|---|---|
| 01/05/2026 | Status changed from Open to Ongoing |
| 01/05/2026 | Official summary added |
| 12/11/2025 | Advisory assigned with HIGH severity |