CVE-2026-2016

5.3 MEDIUM

📋 TL;DR

A stack-based buffer overflow vulnerability exists in libfastcommon's base64_decode function, allowing local attackers to execute arbitrary code or cause denial of service. This affects systems using libfastcommon up to and including version 1.0.84. The vulnerability requires local access to exploit.

💻 Affected Systems

Products:
  • happyfish100 libfastcommon
Versions: Up to and including 1.0.84
Operating Systems: All platforms where libfastcommon is installed
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using libfastcommon's base64_decode function is vulnerable. This is a library used by various FastDFS-related projects.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to full system compromise, arbitrary code execution, or persistent backdoor installation.

🟠

Likely Case

Local denial of service (crash) or limited code execution within the context of the vulnerable application.

🟢

If Mitigated

Minimal impact if proper privilege separation and sandboxing are implemented.

🌐 Internet-Facing: LOW - Requires local access, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers or compromised accounts could exploit this for privilege escalation or lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit has been publicly disclosed and requires local access. Attackers need to trigger the vulnerable base64_decode function with malicious input.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.85 or later (commit 82f66af3e252e3e137dba0c3891570f085e79adf)

Vendor Advisory: https://github.com/happyfish100/libfastcommon/issues/55

Restart Required: Yes

Instructions:

1. Update libfastcommon to version 1.0.85 or later.
2. Recompile any applications using libfastcommon.
3. Restart affected services.

🔧 Temporary Workarounds

Disable or restrict local access

Platform: all

Limit local user access to systems running vulnerable libfastcommon versions

Application sandboxing

Platform: linux

Run applications using libfastcommon in restricted containers or sandboxes

docker run --security-opt=no-new-privileges -it application_image

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges
  • Monitor for suspicious local process activity and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check libfastcommon version: find / -name "*libfastcommon*" -type f 2>/dev/null | xargs strings 2>/dev/null | grep -i version

Check Version:

strings /usr/lib/libfastcommon.so | grep -i version

Verify Fix Applied:

Verify version is 1.0.85 or later and commit 82f66af3e252e3e137dba0c3891570f085e79adf is present
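The following script is an added example for this verification step; it is not tooling from the advisory or from the libfastcommon project. It reads a version string out of the installed library with strings(1), as the check command above does, and compares it field by field against the first fixed release, 1.0.85. The library path and the assumption that a "version" line inside the binary carries a dotted x.y.z number are both assumptions to adjust for your build.

```shell
# Added example (not from the advisory or the libfastcommon project):
# compare the installed libfastcommon version against the first fixed release.

FIXED_VERSION="1.0.85"

# version_ge A B : exit 0 when dotted version A is >= B, 1 otherwise.
# Fields are compared as integers, so 1.0.85 ranks above 1.0.9; a missing
# field counts as 0 (1.0 equals 1.0.0), and trailing non-digits in a field
# (1.0.85rc1) are ignored.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}            # first field of each version
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}  # drop any suffix after the digits
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        case $a in *.*) a=${a#*.};; *) a="";; esac   # advance to next field
        case $b in *.*) b=${b#*.};; *) b="";; esac
    done
    return 0
}

# installed_version LIBPATH : print the first x.y.z number found on a
# "version" line of the library (an assumption about its layout), or
# nothing when no such line exists.
installed_version() {
    strings "$1" 2>/dev/null | grep -i version \
        | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# check_library LIBPATH : report and return 0 (fixed), 1 (vulnerable) or
# 2 (version unreadable; fall back to the package manager's records).
check_library() {
    v=$(installed_version "$1")
    if [ -z "$v" ]; then
        echo "$1: no version string found"
        return 2
    fi
    if version_ge "$v" "$FIXED_VERSION"; then
        echo "$1: version $v, fixed ($FIXED_VERSION or later)"
        return 0
    fi
    echo "$1: version $v, VULNERABLE, update to $FIXED_VERSION or later"
    return 1
}

# Usage (the path is the one from the advisory's own check; adjust as needed):
# check_library /usr/lib/libfastcommon.so
```

A version read from strings(1) only tells you what the library reports about itself; on a distribution that backports fixes, confirm the commit from the advisory is present in the package changelog rather than relying on the number alone.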

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Unusual local process spawning
  • Privilege escalation attempts

Network Indicators:

  • None - local exploit only

SIEM Query:

Process creation from unexpected local users OR Application crash logs containing libfastcommon/base64 references
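As an added example for the crash indicators and the SIEM query above (not part of the advisory), the script below pulls kernel segfault messages whose faulting instruction lies inside libfastcommon out of a log, which is the signature a crash in base64_decode would leave, and counts them for an alert threshold. The log lines are constructed samples in the layout the Linux kernel uses for segfault reports; the process names and addresses in them are assumptions.

```shell
# Added example (not from the advisory): find segfaults reported inside
# libfastcommon in kernel log text and count them.

# Constructed sample log in syslog/journalctl layout; not real data.
SAMPLE_LOG='Mar 10 12:00:01 host kernel: fdfs_storaged[2311]: segfault at 0 ip 00007f3c2a1b4e20 sp 00007ffd4b2d10c0 error 4 in libfastcommon.so.1[7f3c2a1a0000+3a000]
Mar 10 12:00:02 host kernel: eth0: link is up
Mar 10 12:00:05 host kernel: fdfs_trackerd[2312]: segfault at 7f3c2b000010 ip 00007f3c2a1b4f08 sp 00007ffd4b2d0f00 error 4 in libfastcommon.so.1[7f3c2a1a0000+3a000]
Mar 10 12:00:09 host kernel: someapp[900]: segfault at 8 ip 0000555555554abc sp 00007ffd00000000 error 4 in someapp[555555554000+1000]'

# libfastcommon_segfaults LOGTEXT : print "process pid fault_address" for
# every segfault whose faulting code is mapped in libfastcommon; crashes in
# other modules are ignored. Works on syslog-prefixed and plain dmesg lines
# because it locates the "name[pid]:" token relative to the word "segfault".
libfastcommon_segfaults() {
    printf '%s\n' "$1" | awk '
        / segfault at / && / in libfastcommon/ {
            proc = ""; addr = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "segfault") proc = $(i - 1)   # "name[pid]:"
                if ($i == "at") addr = $(i + 1)        # faulting address
            }
            split(proc, p, "[")      # p[1] = name, p[2] = "pid]:"
            sub(/\].*/, "", p[2])    # keep only the pid
            print p[1], p[2], addr
        }'
}

# count_libfastcommon_segfaults LOGTEXT : number of such events, suitable
# for comparing against an alert threshold per time window.
count_libfastcommon_segfaults() {
    libfastcommon_segfaults "$1" | wc -l | tr -d ' '
}

# Usage against the live kernel log, for example hourly:
# count_libfastcommon_segfaults "$(journalctl -k --since "1 hour ago")"
```

A single crash can be an ordinary bug; repeated crashes of the same service from a user who should not be feeding it data, or a crash followed by a new process from that service's account, are the combination the SIEM query above is after, so pair this count with the process-creation indicators.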

🔗 References
