High severity7.5NVD Advisory· Published May 1, 2026· Updated May 1, 2026

CVE-2026-42478

Description

An issue was discovered in VrmlData_IndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because malformed VRML input can trigger dereference of a corrupt or unvalidated pointer during shape construction in libTKDEVRML.so.

Affected products

Opencascade/Open Cascade Technology7 versions
cpe:2.3:a:opencascade:open_cascade_technology:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:opencascade:open_cascade_technology:*:*:*:*:*:*:*:*range: <=7.9.3
- cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc5:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94anvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000