CVE-2026-58470
MEDIUM
NVD
CVSS Score
5.3
Severity
MEDIUM
Published
Jul 07, 2026
Vendor
unknown
Description
GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigger undefined behavior and download desynchronization in the affected client.