Medium severity4.3NVD Advisory· Published Mar 2, 2026· Updated Apr 29, 2026

CVE-2026-3408

Description

A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available and might be used. The name of the patch is e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. It is best practice to apply a patch to resolve this issue.

Affected products

Openbabel/Open Babel
cpe:2.3:a:openbabel:open_babel:*:*:*:*:*:*:*:*
Range: <=3.1.1

Patches

e23a224b8fd9

https://github.com/VedantMadane/openbabelvia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/VedantMadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08anvdPatch
github.com/openbabel/openbabel/issues/2848nvdExploitIssue Tracking
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
github.com/oneafter/0128/blob/main/ob3/repro.cdxmlnvdIssue Tracking
github.com/openbabel/openbabel/pull/2862nvdIssue Tracking
vuldb.comnvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000