Low severity3.3NVD Advisory· Published Mar 2, 2026· Updated Apr 29, 2026

CVE-2026-3407

Description

A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Applying a patch is the recommended action to fix this issue. It appears that the issue is not reproducible all the time.

Affected products

Oneafter/0210references

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/YosysHQ/yosys/issues/5677nvd
github.com/YosysHQ/yosys/pull/5680nvd
github.com/YosysHQ/yosys/pull/5681nvd
github.com/oneafter/0210/blob/main/yo2/repronvd
vuldb.comnvd
vuldb.comnvd
vuldb.comnvd

News mentions

No linked articles in our index yet.

cvss	0.214
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000