{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6839", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "state": "PUBLISHED", "assignerShortName": "samsung.tv_appliance", "dateReserved": "2026-04-22T06:03:50.823Z", "datePublished": "2026-04-22T06:07:06.857Z", "dateUpdated": "2026-04-22T12:30:25.364Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2026-04-22T06:07:06.857Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1284", "description": "CWE-1284 Improper validation of specified quantity in input", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "affected": [{"vendor": "Samsung Open Source", "product": "ONE", "versions": [{"status": "affected", "version": "1.30.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE\nAffected version is prior to commit 1.30.0.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE<br>Affected version is prior to commit 1.30.0."}]}], "references": [{"url": "https://github.com/Samsung/ONE/pull/16481"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T12:29:51.595229Z", "id": "CVE-2026-6839", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T12:30:25.364Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6839", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T12:29:51.595229Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T12:30:06.852Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Samsung Open Source", "product": "ONE", "versions": [{"status": "affected", "version": "1.30.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/Samsung/ONE/pull/16481"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE\nAffected version is prior to commit 1.30.0.", "supportingMedia": [{"type": "text/html", "value": "Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE<br>Affected version is prior to commit 1.30.0.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1284", "description": "CWE-1284 Improper validation of specified quantity in input"}]}], "providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2026-04-22T06:07:06.857Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6839", "state": "PUBLISHED", "dateUpdated": "2026-04-22T12:30:25.364Z", "dateReserved": "2026-04-22T06:03:50.823Z", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "datePublished": "2026-04-22T06:07:06.857Z", "assignerShortName": "samsung.tv_appliance"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:one:*:*:*:*:*:*:*:*", "matchCriteriaId": "4DBBA2E4-036F-40C0-B2EF-D14AB3C83B6E", "versionEndExcluding": "1.30.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE\nAffected version is prior to commit 1.30.0."}], "id": "CVE-2026-6839", "lastModified": "2026-04-27T18:22:02.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "PSIRT@samsung.com", "type": "Secondary"}]}, "published": "2026-04-22T07:16:14.957", "references": [{"source": "PSIRT@samsung.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/Samsung/ONE/pull/16481"}], "sourceIdentifier": "PSIRT@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1284"}], "source": "PSIRT@samsung.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.30.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}]}, "product": "one", "vendor": "samsung_open_source"}], "analysis": {"en": {"generated_at": "2026-04-22T07:39:33.113498+00:00", "value": {"mitigation_remediation": ["Deploy the latest commit 1.30.0 or a newer release, which introduces required bounds checks in string tensor imports.", "Rebuild or update all applications that depend on Samsung Open Source ONE to link against the patched library version.", "If an immediate upgrade is not feasible, implement validation of STRING tensor offsets before import to ensure they remain within valid bounds, providing a temporary safeguard."], "summary": {"action": "Apply patch", "impact": "Out of Bounds Access"}, "threat_synthesis": {"affected_systems": "Samsung Open Source:ONE installations built from any release prior to commit 1.30.0 are affected, as earlier versions lack the necessary bounds\u2011checking logic for string tensor imports.", "description_and_impact": "The vulnerability describes improper validation of STRING tensor offsets that can allow malformed string metadata to trigger out\u2011of\u2011bounds access during constant tensor import in Samsung Open Source ONE. This failure to enforce bounds checks could lead to corrupt memory or service instability when crafted data is processed; these outcomes are inferred from the nature of out\u2011of\u2011bounds issues and are not explicitly detailed in the CVE description.", "risk_and_exploitability": "The CVSS score of 6.6 indicates moderate severity, EPSS data is not available, and the vulnerability is not listed in CISA KEV, suggesting no documented exploitation to date. Based on the description, the likely attack vector involves an attacker who can supply malformed string tensor metadata\u2014this could occur in a local environment or potentially via remote input if the library processes untrusted data. The description does not provide evidence of exploitation, so these statements are inferred from the nature of the flaw."}}}}, "created": "2026-04-22T07:45:11.728132+00:00", "title": "Improper Validation of STRING Tensor Offsets Leading to Out\u2011of\u2011Bounds Access", "updated": "2026-04-22T11:44:33.607638+00:00", "vendors": ["samsung_open_source", "samsung_open_source$PRODUCT$one"]}