Sleuth Kit - Malicious APFS Image Can Reveal Sensitive Data
CVE-2026-40025
Summary
An attacker can create a malicious APFS disk image that, when processed by certain Sleuth Kit tools, may reveal sensitive information or crash the system. This vulnerability affects all versions of The Sleuth Kit up to 4.14.0. To protect your system, update to a patched version of The Sleuth Kit as soon as possible.
Original title
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without ...
Original description
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS disk image that triggers information disclosure or crashes when processed by any Sleuth Kit tool that parses APFS volumes.
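The missing check described above, shown as an added example that is not The Sleuth Kit's code: a reader that validates every length field against the bytes remaining before using it. The tag/length/value layout and the names `Field`, `BoundedReader` and `count_fields` are assumptions made for illustration, not the real APFS keybag format or the `wrapped_key_parser` interface.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed layout (an assumption, not the APFS keybag format):
// each field is [1-byte tag][2-byte little-endian length][value bytes].
struct Field {
    uint8_t tag;
    const uint8_t* data;
    size_t len;
};

// Hypothetical reader: never hands out a field whose header or declared
// length extends past the end of the buffer it was given.
class BoundedReader {
public:
    BoundedReader(const uint8_t* buf, size_t size) : p_(buf), left_(size) {}

    bool next(Field& out) {
        if (left_ < 3) return false;               // header must fit
        const size_t len = p_[1] | (size_t(p_[2]) << 8);
        if (len > left_ - 3) return false;         // value must fit; no overflow
        out = Field{p_[0], p_ + 3, len};
        p_ += 3 + len;
        left_ -= 3 + len;
        return true;
    }
    size_t remaining() const { return left_; }

private:
    const uint8_t* p_;
    size_t left_;
};

// Returns the number of well-formed fields, or -1 if any field is
// truncated or declares more bytes than the buffer holds.
int count_fields(const std::vector<uint8_t>& blob) {
    BoundedReader r(blob.data(), blob.size());
    Field f;
    int n = 0;
    while (r.remaining() > 0) {
        if (!r.next(f)) return -1;                 // reject, do not read on
        ++n;
    }
    return n;
}

int main() {
    // Constructed sample: length field claims 0xFFFF bytes, only 1 present.
    const std::vector<uint8_t> overlong = {0x01, 0xFF, 0xFF, 0xAA};
    return count_fields(overlong) == -1 ? 0 : 1;
}
```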
NVD CVSS 3.1
4.4
NVD CVSS 4.0
4.8
Vulnerability type
CWE-125
Out-of-bounds Read
Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026