This page aggregates publicly disclosed CVE and security risk information related to root, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-24811 | Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inffast.C. This issue affects root. | [email protected] | 9.3 | 0.30% | 2026-01-27 | 2026-06-17 |
| CVE-2010-3376 | The (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts in ROOT 5.18/00 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | [email protected] | 6.9 | 0.38% | 2010-10-20 | 2026-06-16 |