{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22891", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2026-01-28T12:55:08.823Z", "datePublished": "2026-03-03T14:32:16.524Z", "dateUpdated": "2026-03-03T15:17:25.340Z"}, "containers": {"cna": {"affected": [{"vendor": "The Biosig Project", "product": "libbiosig", "versions": [{"version": "3.9.2", "status": "affected"}, {"version": "Master Branch (db9a9a63)", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE", "cweId": "CWE-122"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-03-03T14:32:16.524Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2361", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2361"}], "credits": [{"lang": "en", "value": "Discovered by Mark Bereza and Lilith >_> of Cisco Talos."}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2361"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-03T15:17:04.426Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-03T15:17:18.000036Z", "id": "CVE-2026-22891", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T15:17:25.340Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2361"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-03T15:17:04.426Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22891", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-03T15:17:18.000036Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T15:17:20.916Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Mark Bereza and Lilith >_> of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "The Biosig Project", "product": "libbiosig", "versions": [{"status": "affected", "version": "3.9.2"}, {"status": "affected", "version": "Master Branch (db9a9a63)"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2361", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2361"}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-03-03T14:32:16.524Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22891", "state": "PUBLISHED", "dateUpdated": "2026-03-03T15:17:25.340Z", "dateReserved": "2026-01-28T12:55:08.823Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2026-03-03T14:32:16.524Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libbiosig_project:libbiosig:3.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "163D4E31-DDCD-4F25-BFBE-C990D7D3B574", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."}], "id": "CVE-2026-22891", "lastModified": "2026-03-05T18:15:20.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2026-03-03T15:16:18.620", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2361"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2361"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.9.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Master Branch (db9a9a63)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "libbiosig", "source": "cna", "vendor": "The Biosig Project"}, "product": "libbiosig", "vendor": "the_biosig_project"}], "analysis": {"en": {"generated_at": "2026-04-16T14:03:40.846015+00:00", "value": {"mitigation_remediation": ["Upgrade libbiosig to the latest release that contains the fix for the buffer overflow.", "If an update cannot be applied immediately, disable or restrict Intan CLP file parsing for untrusted users or require administrative approval for all CLP files.", "Implement runtime monitoring to detect abnormal memory corruption, unexpected process creation, or privilege escalation indicative of exploitation."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary code execution due to a heap buffer overflow"}, "threat_synthesis": {"affected_systems": "The Biosig Project libbiosig version 3.9.2 and the master branch (commit db9a9a63) are affected. Any system that loads Intan CLP files through libbiosig is at risk. No other vendors or product versions are listed as impacted.", "description_and_impact": "A heap-based buffer overflow exists in the Intan CLP parsing routine of libbiosig 3.9.2. The flaw, classified as CWE-122, allows an attacker to supply a specially crafted CLP file that overwrites memory and can lead to arbitrary code execution. This compromise threatens confidentiality, integrity, and availability of the affected system.", "risk_and_exploitability": "The vulnerability scores a CVSS base score of 9.8, indicating critical severity, yet its EPSS score is below 1%, suggesting low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. An attacker must provide a malicious CLP file to the parsing routine; therefore the likely attack vector is local or remote file upload/processing within an application that uses libbiosig."}}}}, "created": "2026-03-04T14:54:16.700582+00:00", "title": "Heap Overflow in libbiosig Intan CLP Parsing Leading to Arbitrary Code Execution", "updated": "2026-04-16T14:15:28.801657+00:00", "vendors": ["the_biosig_project", "the_biosig_project$PRODUCT$libbiosig"]}