mold Compiler: Potential Code Execution Risk

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.3

mold Compiler: Potential Code Execution Risk

CVE-2026-3994

Summary

The mold compiler, a tool for building software, has a weakness that could allow an attacker to execute malicious code. This could lead to unauthorized access or damage to your systems. To protect yourself, ensure you update mold to a version later than 2.40.4 as soon as possible.

Original title

Original description

A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X86_64::initialize_sections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

osv CVSS3.1 5.3

https://github.com/oneafter/0209/blob/main/mo2/repro URL
https://github.com/rui314/mold/ URL
https://vuldb.com/?ctiid.350476 URL
https://vuldb.com/?id.350476 URL
https://vuldb.com/?submit.769772 URL
https://github.com/rui314/mold/issues/1548 Third Party Advisory

Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026