Unrated severityOSV Advisory· Published Jan 29, 2026· Updated Jan 29, 2026

CVE-2026-1188

Description

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to account for the separator when determining when a write to the buffer was safe could lead to a buffer overflow. This issue is fixed in Eclipse OMR version 0.8.0.

Affected products

Eclipse/OmrOSV2 versions
omr-0.2.0, omr-0.3.0, omr-0.4.0, …+ 1 more
- (no CPE)range: omr-0.2.0, omr-0.3.0, omr-0.4.0, …
- (no CPE)range: >=0.2.0, <0.8.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/eclipse-omr/omr/pull/8082mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000