You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026-44673
About this tag
CVE-2026-44673 is a high-severity vulnerability in libyang, an open-source library for YANG data modeling. The flaw is an integer overflow in the lyb_read_string() function that can lead to a heap buffer overflow when malicious LYB data is parsed. While not a Windows kernel bug, Microsoft listed it in its Security Update Guide because the library is used in network automation stacks, containers, and third-party tools that may be part of a Windows infrastructure. This tag covers discussions about the supply-chain risk posed by open-source components in enterprise environments, patching guidance, and the impact on Windows administrators managing hybrid or Linux-adjacent systems.
Microsoft has listed CVE-2026-44673, a high-severity libyang flaw disclosed in 2026, in its Security Update Guide after researchers identified an integer overflow in lyb_read_string() that can become a heap buffer overflow when malicious LYB data is parsed. The bug is not a Windows kernel flaw...