CVE-2026-10703 - Vulnerability Details

- EIPStackGroup OpENer SendRRData cipmessagerouter.c CreateMessageRouterRequestStructure use after free

Description

A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Published: 2026-06-03

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A memory corruption flaw exists in the CreateMessageRouterRequestStructure function of the SendRRData handler within EIPStackGroup OpENer. The flaw allows a crafted message to free an object and later reference it, resulting in a use‑after‑free condition that can be leveraged for remote exploitation. The impact of this flaw is the potential execution of attacker‑controlled code, compromising confidentiality, integrity, and availability of affected systems.

Affected Systems

The vulnerability affects the OpENer software from EIPStackGroup, specifically versions up to and including 2.3.0. Users of these releases who run the SendRRData handler component are at risk. No other vendor or product versions are listed as affected.

Risk and Exploitability

The CVSS score for this flaw is 5.3, indicating a moderate severity. EPSS data is not available, and the vulnerability is not listed in CISA’s KEV catalog. Attackers could execute the exploit remotely by sending a maliciously crafted SendRRData request. Given the lack of an immediate patch and the public disclosure of the exploit, the risk is that vulnerable deployments may be compromised until a fix is applied.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

EIPStackGroup

OpENer

affected

Version	Status	Constraints
`2.0`	affected	—
`2.1`	affected	—
`2.2`	affected	—
`2.3.0`	affected	—

No data.

Vendor Product Confidence Versions

Eipstackgroup

Opener

95%

Version	Status	Scheme	Platform
`2.0`	affected	generic	—
`2.1`	affected	generic	—
`2.2`	affected	generic	—
`2.3.0`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Obtain and install a later OpENer release that contains the patch for CreateMessageRouterRequestStructure, removing the use‑after‑free flaw.
Use firewall or network segmentation to limit inbound traffic to the SendRRData service until a security update is deployed.
Monitor logs, application crashes, and memory‑corruption indicators, and configure alerts for abnormal terminations or heap errors caused by use‑after‑free conditions.

Generated by OpenCVE AI on June 3, 2026 at 03:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00046.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/EIPStackGroup/OpENer/
https://github.com/EIPStackGroup/OpENer/issues/566
https://github.com/user-attachments/files/27100961/poc.zip
https://vuldb.com/cve/CVE-2026-10703
https://vuldb.com/submit/830921
https://vuldb.com/vuln/368016
https://vuldb.com/vuln/368016/cti

History

Wed, 03 Jun 2026 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 03 Jun 2026 02:30:00 +0000

Type	Values Removed	Values Added
Description		A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title		EIPStackGroup OpENer SendRRData cipmessagerouter.c CreateMessageRouterRequestStructure use after free
First Time appeared		Eipstackgroup Eipstackgroup opener
Weaknesses		CWE-119 CWE-416
CPEs		cpe:2.3:a:eipstackgroup:opener::::::::
Vendors & Products		Eipstackgroup Eipstackgroup opener
References		https://github.com/EIPStackGroup/OpENer/ https://github.com/EIPStackGroup/OpENer/issues/566 https://github.com/user-attachments/files/27100961/poc.zip https://vuldb.com/cve/CVE-2026-10703 https://vuldb.com/submit/830921 https://vuldb.com/vuln/368016 https://vuldb.com/vuln/368016/cti
Metrics		cvssV2_0 `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Eipstackgroup Opener

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-06-03T00:30:10.797Z

Updated: 2026-06-03T12:41:17.854Z

Reserved: 2026-06-02T17:42:17.882Z

Link: CVE-2026-10703

Vulnrichment

Updated: 2026-06-03T12:41:12.824Z

NVD

Status : Received

Published: 2026-06-03T02:16:15.660

Modified: 2026-06-03T02:16:15.660

Link: CVE-2026-10703

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T03:45:23Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object