ByteOS Network

Vulnerability Details :

CVE-2026-5476

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-03 Apr, 2026 | 17:30

Updated At-04 Apr, 2026 | 03:20

NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow

A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The exploitability is told to be difficult. A fix is planned for the upcoming version milestone of the project.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulDB

Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5

Published At:03 Apr, 2026 | 17:30

Updated At:04 Apr, 2026 | 03:20

▼CVE Numbering Authority (CNA)

NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow

Affected Products

Vendor

NASA

Product

cFS

CPEs

cpe:2.3:a:nasa:cfs:*:*:*:*:*:*:*:*

Versions

Affected

Problem Types

Type	CWE ID	Description
CWE	CWE-190	Integer Overflow
CWE	CWE-189	Numeric Error

Type: CWE

CWE ID: CWE-190

Description: Integer Overflow

Type: CWE

CWE ID: CWE-189

Description: Numeric Error

Metrics

Version	Base score	Base severity	Vector
4.0	2.1	LOW	CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
3.1	4.6	MEDIUM	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R
3.0	4.6	MEDIUM	CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R
2.0	4.0	N/A	AV:A/AC:H/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR

Version: 4.0

Base score: 2.1

Base severity: LOW

Vector:

CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

Version: 3.1

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

Version: 3.0

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

Version: 2.0

Base score: 4.0

Base severity: N/A

Vector:

AV:A/AC:H/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR

Credits

reporter

0rbitingZer0 (VulDB User)

coordinator

VulDB CNA Team

Timeline

Event	Date
Advisory disclosed	2026-04-03 00:00:00
VulDB entry created	2026-04-03 02:00:00
VulDB entry last update	2026-04-03 09:56:35

Event: Advisory disclosed

Date: 2026-04-03 00:00:00

Event: VulDB entry created

Date: 2026-04-03 02:00:00

Event: VulDB entry last update

Date: 2026-04-03 09:56:35

References

Hyperlink	Resource
https://vuldb.com/vuln/355080	vdb-entry technical-description
https://vuldb.com/vuln/355080/cti	signature permissions-required
https://vuldb.com/submit/781971	third-party-advisory
https://github.com/nasa/cFS/issues/954	issue-tracking
https://github.com/nasa/cFS/	product

Hyperlink: https://vuldb.com/vuln/355080

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/vuln/355080/cti

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/submit/781971

Resource:

third-party-advisory

Hyperlink: https://github.com/nasa/cFS/issues/954

Resource:

issue-tracking

Hyperlink: https://github.com/nasa/cFS/

Resource:

product

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@vuldb.com

Published At:03 Apr, 2026 | 18:16

Updated At:04 May, 2026 | 14:19

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	2.1	LOW	CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	4.6	MEDIUM	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary	3.1	4.6	MEDIUM	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Secondary	2.0	4.0	MEDIUM	AV:A/AC:H/Au:S/C:P/I:P/A:P

Type: Secondary

Version: 4.0

Base score: 2.1

Base severity: LOW

Vector:

CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Type: Primary

Version: 3.1

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Type: Secondary

Version: 2.0

Base score: 4.0

Base severity: MEDIUM

Vector:

AV:A/AC:H/Au:S/C:P/I:P/A:P

CPE Matches

nasa>>core_flight_system>>Versions up to 7.0.0(inclusive)

cpe:2.3:a:nasa:core_flight_system:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-189	Primary	cna@vuldb.com
CWE-190	Primary	cna@vuldb.com

CWE ID: CWE-189

Type: Primary

Source: cna@vuldb.com

CWE ID: CWE-190

Type: Primary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/nasa/cFS/	cna@vuldb.com	Product
https://github.com/nasa/cFS/issues/954	cna@vuldb.com	Issue Tracking
https://vuldb.com/submit/781971	cna@vuldb.com	Third Party Advisory VDB Entry
https://vuldb.com/vuln/355080	cna@vuldb.com	Third Party Advisory VDB Entry
https://vuldb.com/vuln/355080/cti	cna@vuldb.com	Permissions Required VDB Entry

Hyperlink: https://github.com/nasa/cFS/

Source: cna@vuldb.com

Resource:

Product

Hyperlink: https://github.com/nasa/cFS/issues/954

Source: cna@vuldb.com

Resource:

Issue Tracking

Hyperlink: https://vuldb.com/submit/781971

Source: cna@vuldb.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://vuldb.com/vuln/355080

Source: cna@vuldb.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://vuldb.com/vuln/355080/cti

Source: cna@vuldb.com

Resource:

Permissions Required

VDB Entry

Similar CVEs

1Records found

CVE-2026-41144

Matching Score-6

Assigner-GitHub, Inc.

View Details

Matching Score-6

Assigner-GitHub, Inc.

CVSS Score-Not Assigned

EPSS-0.14% / 33.02%

7 Day CHG~0.00%

Published-21 Apr, 2026 | 23:58

Updated-22 Apr, 2026 | 21:23

F´ (F Prime) has Integer Overflow in FileUplink

F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with byteOffset=0xFFFFFF9C and dataSize=100 overflows to 0, bypassing the check entirely. The subsequent file write proceeds at the original ~4GB offset. Additionally, Svc/FileUplink/File.cpp:20-31 performs no sanitization on the destination file path. Combined, these allow writing arbitrary data to any file at any offset. The impact is arbitrary file write leading to remote code execution on embedded targets. Note that this is a logic bug. ASAN does not detect it because all memory accesses are within valid buffers — the corruption occurs in file I/O. Version 4.2.0 contains a patch. No known workarounds are available.

Vendor-nasa

Product-fprime

CWE ID-CWE-190

Integer Overflow or Wraparound

CWE ID-CWE-787

Out-of-bounds Write

CVE-2026-5476

Credits

NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs