Vulnerability Description
A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The exploitability is told to be difficult. A fix is planned for the upcoming version milestone of the project.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nasa | Core Flight System | <= 7.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/nasa/cFS/Product
- https://github.com/nasa/cFS/issues/954Issue Tracking
- https://vuldb.com/submit/781971Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/355080Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/355080/ctiPermissions RequiredVDB Entry
FAQ
What is CVE-2026-5476?
CVE-2026-5476 is a vulnerability with a CVSS score of 4.6 (MEDIUM). A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation ...
How severe is CVE-2026-5476?
CVE-2026-5476 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-5476?
Check the references section above for vendor advisories and patch information. Affected products include: Nasa Core Flight System.