A vulnerability classified as critical has been found in QEMU . Affected by this vulnerability is the function calc_image_hostmem . This manipulation causes integer overflow. This vulnerability is tracked as CVE-2026-3886 . The attack is restricted to local execution. No exploit exists. It is recommended to upgrade the affected component.