🟠 High  |  Source: Microsoft Security Response Center


CVE-2026-48863 is a stack-based buffer overflow vulnerability in libsolv, an open-source library used for package dependency resolution. The flaw exists in the EdDSA PGP signature verification routine and can be exploited to cause a denial of service. This matters because libsolv is widely used across Linux-based environments, including containerised workloads and Azure services that rely on package management.

Security Architect’s Take: Identify any Azure-hosted workloads, containers, or pipelines that use libsolv for package resolution and ensure the patched version is deployed promptly; also review container base images in your registries for the vulnerable library and trigger rebuilds as part of your standard vulnerability management process.

Original advisory: CVE-2026-48863 Libsolv: stack-based buffer overflow in libsolv eddsa pgp signature verification allows denial of service