A vulnerability classified as problematic has been found in samtools htslib up to 1.21.0/1.22.1/1.23 . Impacted is the function cram_decode_slice . Performing a manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2026-31967 . It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.