A vulnerability classified as critical has been found in samtools htslib up to 1.21.0/1.22.1/1.23 . Affected is the function cram_decode_seq . The manipulation leads to heap-based buffer overflow. This vulnerability is documented as CVE-2026-31962 . The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.