CVE-2026-24812
📋 TL;DR
This vulnerability in ROOT's built-in zlib modules (specifically inftrees.C) could allow memory corruption or code execution when processing compressed data. It affects all ROOT installations up to version 6.36.00-rc1. Users who process untrusted compressed data with ROOT are at risk.
💻 Affected Systems
- ROOT (root-project/root)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise if ROOT processes malicious compressed data from untrusted sources.
Likely Case
Application crash or denial of service when processing malformed compressed data, potentially causing data loss in scientific workflows.
If Mitigated
Limited impact if ROOT only processes trusted data sources and runs with minimal privileges.
🎯 Exploit Status
Exploitation requires crafting malicious compressed data that triggers the vulnerability in inftrees.C. No public exploit details available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 6.36.00-rc1 (check specific fix in PR #18527)
Vendor Advisory: https://github.com/root-project/root/pull/18527
Restart Required: Yes
Instructions:
1. Update ROOT to a version after 6.36.00-rc1.
2. Recompile any custom ROOT-based applications.
3. Restart services that use ROOT.
🔧 Temporary Workarounds
Disable built-in zlib
Force ROOT to use the system zlib library instead of the vulnerable built-in modules: configure ROOT with -Dbuiltin_zlib=OFF during the build.
Input validation
Validate compressed data before processing it with ROOT.
🧯 If You Can't Patch
- Restrict ROOT to process only trusted, verified data sources
- Run ROOT in isolated containers with minimal privileges
🔍 How to Verify
Check if Vulnerable:
Run root-config --version and compare the result with 6.36.00-rc1; installations at or before that version are affected.
Check Version:
root-config --version
Verify Fix Applied:
Confirm that the version is newer than 6.36.00-rc1 and that the changes from PR #18527 are included.
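An added shell example (not from the advisory or the ROOT project) that performs the version check above: it normalises the version string root-config prints (which may use the 6.36/00 form rather than 6.36.00), orders release candidates before the final release of the same number, and reports whether the installed ROOT is at or before 6.36.00-rc1. The function and variable names are this example's own.

```shell
#!/bin/sh
# Added example: is the installed ROOT at or before 6.36.00-rc1, the last
# version the advisory names as affected by CVE-2026-24812?
# Accepts "6.36.00-rc1" as well as the "6.36/00" form printed by root-config.
LAST_AFFECTED="6.36.00-rc1"   # value taken from the advisory

# Strip leading zeros so "08" is not parsed as an invalid octal literal.
dec() { printf '%s' "$1" | sed 's/^0*\([0-9]\)/\1/'; }

# Encode a version as a single integer for arithmetic comparison.
# Release candidates sort before the final release of the same number:
# 6.36.00-rc1 -> 636000001, 6.36.00 (or 6.36/00) -> 636009999.
root_version_key() {
    v=$(printf '%s' "$1" | tr '/' '.')
    rc=9999
    case "$v" in
        *-rc*) rc=${v##*-rc}; v=${v%-rc*} ;;
    esac
    major=${v%%.*}
    rest=${v#*.}
    case "$rest" in
        *.*) minor=${rest%%.*}; patch=${rest#*.} ;;
        *)   minor=$rest; patch=0 ;;
    esac
    k=$(( $(dec "$major") * 100000000 + $(dec "$minor") * 1000000 ))
    echo $(( k + $(dec "$patch") * 10000 + $(dec "$rc") ))
}

# True (exit 0) when VERSION is at or before the last affected version.
root_version_affected() {
    [ "$(root_version_key "$1")" -le "$(root_version_key "$LAST_AFFECTED")" ]
}

# Query the installed ROOT: exit 0 if affected, 1 if newer, 2 if not installed.
check_installed_root() {
    command -v root-config >/dev/null 2>&1 || { echo "root-config not found" >&2; return 2; }
    ver=$(root-config --version)
    if root_version_affected "$ver"; then
        echo "ROOT $ver: at or before $LAST_AFFECTED, treat as affected (CVE-2026-24812)"
        return 0
    fi
    echo "ROOT $ver: newer than $LAST_AFFECTED"
    return 1
}

# Run the live check only when invoked as: sh check_root_cve.sh --check
case "${1:-}" in --check) check_installed_root ;; esac
```

A version without a patch component (for example 6.36) is treated as patch 0 of that series.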
📡 Detection & Monitoring
Log Indicators:
- ROOT segmentation faults
- Unexpected crashes when processing compressed data
- Memory corruption errors in ROOT logs
Network Indicators:
- Unusual compressed data transfers to ROOT systems
SIEM Query:
Process:name="root" AND (EventID:1000 OR ExceptionCode:c0000005)