What is CVE-2026-41988?

CVE-2026-41988 is a low-severity vulnerability in Uuidjs Uuid, classified under Always-Incorrect Control Flow Implementation. CVSS score: 3.2/10. Published 2026-04-23.

How severe is CVE-2026-41988?

Low severity. CVSS v3 base score is 3.2 out of 10.

Vulnerability in Uuidjs Uuid

CVE-2026-41988

uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue.

EPSS: 0.000 (4.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.2 (Low). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N.

Affected products

Uuidjs Uuid — versions 0

Weakness classification (CWE)

CWE-670 — Always-Incorrect Control Flow Implementation

References

github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq
github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34

Frequently asked questions

What is CVE-2026-41988?: CVE-2026-41988 is a low-severity vulnerability in Uuidjs Uuid, classified under Always-Incorrect Control Flow Implementation. CVSS score: 3.2/10. Published 2026-04-23.
How severe is CVE-2026-41988?: Low severity. CVSS v3 base score is 3.2 out of 10.