Vulnerability Description
A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to be performed locally. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nasa | Core Flight System | <= 7.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/nasa/cFS/Product
- https://github.com/nasa/cFS/issues/951Issue Tracking
- https://vuldb.com/submit/781949Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/355077Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/355077/ctiPermissions RequiredVDB Entry
FAQ
What is CVE-2026-5473?
CVE-2026-5473 is a vulnerability with a CVSS score of 4.5 (MEDIUM). A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to...
How severe is CVE-2026-5473?
CVE-2026-5473 has been rated MEDIUM with a CVSS base score of 4.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-5473?
Check the references section above for vendor advisories and patch information. Affected products include: Nasa Core Flight System.