CVE-2026-6068
NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed mem
NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or remote code execution.
CRITICAL · CVSS 9.6
EPSS 0.00029
Act now
- Public exploit or PoC is available
- SSVC automatable: yes - attacks can be scripted at scale
- CVSS base score ≥ 7.0
Sigma rules0
YARA rules0