CVE-2026-4647: Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library

Overview

Severity

Medium (CVSS 6.1)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Exploit Status

Not Exploited

Patch Tuesday

2026-Mar

Released

2026-03-27

Last Updated

2026-04-29

EPSS Score

0.00% (percentile: 0.2%)

Affected Products (9)

Open Source Software

• cbl2 binutils 2.37-20 on CBL Mariner 2.0
• azl3 binutils 2.41-10 on Azure Linux 3.0
• azl3 crash 9.0.0-1 on Azure Linux 3.0
• azl3 gdb 13.2-6 on Azure Linux 3.0

Other

• 20600-17086
• 20598-17086
• 21253-17084
• 21200-17084
• 21201-17084

Revision History

• 2026-03-27: Information published.
• 2026-04-14: Information published.
• 2026-04-14: Information published.
• 2026-04-22: Information published.
• 2026-04-29: Information published.