A vulnerability categorized as critical has been discovered in GNU wget up to 1.25.0. Impacted is the function clean_metalink_string of the file src/metalink.c of the component Metalink Handler. Executing a manipulation can lead to heap-based buffer overflow.

This vulnerability appears as CVE-2026-58469. The attack may be performed from remote. There is no available exploit.