{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5476", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-03T07:51:24.742Z", "datePublished": "2026-04-03T17:30:12.629Z", "dateUpdated": "2026-04-04T03:20:03.080Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-03T17:30:12.629Z"}, "title": "NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-190", "lang": "en", "description": "Integer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-189", "lang": "en", "description": "Numeric Error"}]}], "affected": [{"vendor": "NASA", "product": "cFS", "versions": [{"version": "7.0", "status": "affected"}], "cpes": ["cpe:2.3:a:nasa:cfs:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The exploitability is told to be difficult. A fix is planned for the upcoming version milestone of the project."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.1, "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "LOW"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.6, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.6, "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-03T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-03T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-03T09:56:35.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "0rbitingZer0 (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/355080", "name": "VDB-355080 | NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/355080/cti", "name": "VDB-355080 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/781971", "name": "Submit #781971 | NASA cFS 7.0.0 Integer overflow in CFE_TBL_ValidateCodecLoadSize bypasses boun", "tags": ["third-party-advisory"]}, {"url": "https://github.com/nasa/cFS/issues/954", "tags": ["issue-tracking"]}, {"url": "https://github.com/nasa/cFS/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-04T03:19:52.603891Z", "id": "CVE-2026-5476", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-04T03:20:03.080Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5476", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-04T03:19:52.603891Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-04T03:19:57.698Z"}}], "cna": {"title": "NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow", "credits": [{"lang": "en", "type": "reporter", "value": "0rbitingZer0 (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.1, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:nasa:cfs:*:*:*:*:*:*:*:*"], "vendor": "NASA", "product": "cFS", "versions": [{"status": "affected", "version": "7.0"}]}], "timeline": [{"lang": "en", "time": "2026-04-03T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-03T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-03T09:56:35.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/355080", "name": "VDB-355080 | NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/355080/cti", "name": "VDB-355080 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/781971", "name": "Submit #781971 | NASA cFS 7.0.0 Integer overflow in CFE_TBL_ValidateCodecLoadSize bypasses boun", "tags": ["third-party-advisory"]}, {"url": "https://github.com/nasa/cFS/issues/954", "tags": ["issue-tracking"]}, {"url": "https://github.com/nasa/cFS/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The exploitability is told to be difficult. A fix is planned for the upcoming version milestone of the project."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "Integer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-189", "description": "Numeric Error"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-03T17:30:12.629Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5476", "state": "PUBLISHED", "dateUpdated": "2026-04-04T03:20:03.080Z", "dateReserved": "2026-04-03T07:51:24.742Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-03T17:30:12.629Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nasa:core_flight_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1F33BA5-5EB7-4CC8-9DA9-DD9D880EA824", "versionEndIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The exploitability is told to be difficult. A fix is planned for the upcoming version milestone of the project."}], "id": "CVE-2026-5476", "lastModified": "2026-05-04T14:19:34.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 2.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-03T18:16:26.687", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/nasa/cFS/"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/nasa/cFS/issues/954"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/submit/781971"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/vuln/355080"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/vuln/355080/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}, {"lang": "en", "value": "CWE-190"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "cFS", "source": "cna", "vendor": "NASA"}, "product": "cfs", "vendor": "nasa"}], "analysis": {"en": {"generated_at": "2026-04-03T20:35:35.058808+00:00", "value": {"mitigation_remediation": ["Determine the current cFS version in use", "Monitor the NASA cFS project for the planned patch release", "Upgrade to the patched cFS release when it becomes available"], "summary": {"action": "Patch Later", "impact": "Integer Overflow in Table Validation Function"}, "threat_synthesis": {"affected_systems": "The affected product is NASA Corporate Flight System (cFS). Versions up to 7.0.0 on 32\u2011bit architectures are impacted, while newer releases are not yet affected.", "description_and_impact": "A vulnerability in NASA cFS up to version 7.0.0 on 32\u2011bit platforms allows an attacker to cause an integer overflow in the CFE_TBL_ValidateCodecLoadSize function used by the passthru codec module. This overflow can lead to memory corruption or denial\u2011of\u2011service conditions if crafted input is processed, potentially affecting system integrity or availability.", "risk_and_exploitability": "The CVSS score is 2.1 indicating low severity. No EPSS score is available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack requires crafting specific input to trigger the overflow, and the description indicates a high complexity and difficult exploitation, implying a limited risk in typical use."}}}}, "created": "2026-04-03T21:12:51.238952+00:00", "updated": "2026-04-03T21:15:02.659799+00:00", "vendors": ["nasa", "nasa$PRODUCT$cfs"]}