gawk <5.4.0 Buffer Overflow (ftype)
CVE-2026-40553 Published on July 13, 2026
Stack-based buffer overflow in gawk
Buffer overflow vulnerability has been found in "extension/readdir.c" program file of gawk (ftype() routine). This issue could be used to crash the program and potentially to achieve code execution, although the latter has not been confirmed to be feasible. It affects gawk in versions 5.4.0 and below.
Weakness Type
What is a Stack Overflow Vulnerability?
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2026-40553 has been classified to as a Stack Overflow vulnerability or weakness.
Affected Versions
GNU gawk:- Before and including 5.4.0 is affected.