What is CVE-2026-34962?

CVE-2026-34962 is a medium-severity vulnerability in Barebox, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 6.2/10. Published 2026-05-11.

How severe is CVE-2026-34962?

Medium severity. CVSS v3 base score is 6.2 out of 10.

Vulnerability in Barebox

CVE-2026-34962

barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directory entry length values are non-zero. Att…

EPSS: 0.000 (2.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Barebox — versions 0
Pengutronix Barebox

Weakness classification (CWE)

CWE-835 — Loop with Unreachable Exit Condition (Infinite Loop)

References

disclosure@vulncheck.com (Product, product)
disclosure@vulncheck.com (Release Notes, patch)
disclosure@vulncheck.com (Third Party Advisory, third-party-advisory)

Frequently asked questions

What is CVE-2026-34962?: CVE-2026-34962 is a medium-severity vulnerability in Barebox, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 6.2/10. Published 2026-05-11.
How severe is CVE-2026-34962?: Medium severity. CVSS v3 base score is 6.2 out of 10.