Is CVE-2026-13573 being exploited?

No public exploit is currently tracked.

How severe is CVE-2026-13573?

CVE-2026-13573 has a CVSS v3 severity of LOW (3.3).

Back

CVE-2026-13573

Description

A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.