Vulnerability Details CVE-2026-41988
uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 7.9%
CVSS Severity
CVSS v3 Score 3.2
Products affected by CVE-2026-41988
-
cpe:2.3:a:uuidjs:uuid:1.0
-
cpe:2.3:a:uuidjs:uuid:1.1
-
cpe:2.3:a:uuidjs:uuid:1.2
-
cpe:2.3:a:uuidjs:uuid:1.3
-
cpe:2.3:a:uuidjs:uuid:1.3.1
-
cpe:2.3:a:uuidjs:uuid:1.3.2
-
cpe:2.3:a:uuidjs:uuid:1.3.3
-
cpe:2.3:a:uuidjs:uuid:1.4.0
-
cpe:2.3:a:uuidjs:uuid:1.4.1
-
cpe:2.3:a:uuidjs:uuid:1.4.2
-
cpe:2.3:a:uuidjs:uuid:1.4.3
-
cpe:2.3:a:uuidjs:uuid:1.4.4
-
cpe:2.3:a:uuidjs:uuid:1.4.5
-
cpe:2.3:a:uuidjs:uuid:1.4.6
-
cpe:2.3:a:uuidjs:uuid:1.4.7
-
cpe:2.3:a:uuidjs:uuid:10.0.0
-
cpe:2.3:a:uuidjs:uuid:11.0.0
-
cpe:2.3:a:uuidjs:uuid:11.0.0-0
-
cpe:2.3:a:uuidjs:uuid:11.0.1
-
cpe:2.3:a:uuidjs:uuid:11.0.2
-
cpe:2.3:a:uuidjs:uuid:11.0.3
-
cpe:2.3:a:uuidjs:uuid:11.0.4
-
cpe:2.3:a:uuidjs:uuid:11.0.5
-
cpe:2.3:a:uuidjs:uuid:11.1.0
-
cpe:2.3:a:uuidjs:uuid:12.0.0
-
cpe:2.3:a:uuidjs:uuid:13.0.0
-
cpe:2.3:a:uuidjs:uuid:2.0.0
-
cpe:2.3:a:uuidjs:uuid:2.0.1
-
cpe:2.3:a:uuidjs:uuid:3.0.0
-
cpe:2.3:a:uuidjs:uuid:3.0.1
-
cpe:2.3:a:uuidjs:uuid:3.1.0
-
cpe:2.3:a:uuidjs:uuid:3.2.0
-
cpe:2.3:a:uuidjs:uuid:3.2.1
-
cpe:2.3:a:uuidjs:uuid:3.3.0
-
cpe:2.3:a:uuidjs:uuid:3.3.1
-
cpe:2.3:a:uuidjs:uuid:3.3.2
-
cpe:2.3:a:uuidjs:uuid:3.3.3
-
cpe:2.3:a:uuidjs:uuid:3.4.0
-
cpe:2.3:a:uuidjs:uuid:7.0.0
-
cpe:2.3:a:uuidjs:uuid:7.0.1
-
cpe:2.3:a:uuidjs:uuid:7.0.2
-
cpe:2.3:a:uuidjs:uuid:7.0.3
-
cpe:2.3:a:uuidjs:uuid:8.0.0
-
cpe:2.3:a:uuidjs:uuid:8.1.0
-
cpe:2.3:a:uuidjs:uuid:8.2.0
-
cpe:2.3:a:uuidjs:uuid:8.3.0
-
cpe:2.3:a:uuidjs:uuid:8.3.1
-
cpe:2.3:a:uuidjs:uuid:8.3.2
-
cpe:2.3:a:uuidjs:uuid:9.0.0
-
cpe:2.3:a:uuidjs:uuid:9.0.1