CVE-2026-27171: Medium severity zlib vulnerability
Published Feb 18, 2026
·Updated
zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition.
Affected Software
3 affected componentsFixes available
Event History
Feb 18, 2026
CVE Published
via MITRE·02:36 AM
Data Sourced
via MITRE·02:36 AM
DescriptionSeverityWeakness
Data Sourced
via NVD·04:16 AM
DescriptionSeverityWeaknessAffected Software
Feb 21, 2026
Data Sourced
via Microsoft·12:27 PM
DescriptionSeverityWeaknessAffected Software
Updated
via Microsoft·12:27 PM
DescriptionSeverity
Frequently Asked Questions
1
What is the severity of CVE-2026-27171?
CVE-2026-27171 is classified with a high severity due to its potential to cause significant CPU consumption.
2
How do I fix CVE-2026-27171?
To fix CVE-2026-27171, you should upgrade to zlib version 1.3.2 or later.
3
What systems are affected by CVE-2026-27171?
CVE-2026-27171 affects all versions of zlib prior to version 1.3.2.
4
What type of vulnerability is CVE-2026-27171?
CVE-2026-27171 is a denial-of-service vulnerability that can lead to excessive CPU usage.
5
Is there a workaround for CVE-2026-27171?
There are no known effective workarounds for CVE-2026-27171, and updating zlib is recommended.