Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
QEMU: Sensitive data exposed or service crashes when processing VMDK files
CVE-2026-2243
Summary
A bug in QEMU can cause sensitive data to be leaked or the program to crash if it's given a specially crafted virtual disk image. This could potentially expose confidential information. Update QEMU to the latest version to fix this issue.
Original title
A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service con...
Original description
A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition (DoS).
nvd CVSS3.1
5.1
Vulnerability type
CWE-125
Out-of-bounds Read
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026