Medium severity6.3NVD Advisory· Published Apr 3, 2026· Updated Apr 30, 2026
CVE-2026-5474
CVE-2026-5474
Description
A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local network to execute the attack. The project was informed of the problem early through an issue report but has not responded yet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=7.0.0
Patches
Vulnerability mechanics
References
4- vuldb.com/submit/781950nvdThird Party AdvisoryVDB Entry
- vuldb.com/vuln/355078nvdThird Party AdvisoryVDB Entry
- github.com/nasa/cFS/issues/952nvdIssue Tracking
- vuldb.com/vuln/355078/ctinvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.