CVE-2026-6042

low-risk

Published 2026-04-10

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.3/10 Low

LOCAL / LOW complexity

References (6)

https://vuldb.com/submit/796352

https://vuldb.com/vuln/356620

https://vuldb.com/vuln/356620/cti

https://www.openwall.com/lists/oss-security/2026/04/02/10

https://www.openwall.com/lists/oss-security/2026/04/03/2

http://www.openwall.com/lists/oss-security/2026/04/09/19

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal