CVE Catalog

CVE-2026-14686

LowCVSS 3.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

A vulnerability was found in HdrHistogram up to version 2.2.2 in the `org.HdrHistogram.DoubleHistogram.recordValue` function. The issue involves an incorrect comparison in the Range Check component, leading to potential manipulation. The attack requires local access and the exploit has been made public.

Risk Assessment

The organization may face local manipulation of histogram data, potentially causing incorrect behavior in applications using this library. The lack of response from the project increases the risk of an unpatched vulnerability.

Recommendation

Immediately update HdrHistogram to the latest available version (above 2.2.2) or apply a temporary workaround if available. Monitor official project channels for patches.

Original NVD description (English source)

A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect comparison. The attack is only possible with local access. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS