Description
Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 bytes outside of the allocated space when running this operation.
Published: 2026-06-02
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑bounds write located in the Trim/Unmap operation of Seagate’s openSeaChest utility. When this operation is invoked, the program writes 16 bytes outside of the allocated memory buffer describing a range of logical block addresses to deallocate. This buffer overflow can corrupt adjacent memory, potentially leading to a crash or, if an attacker can control the data, to arbitrary code execution. The primary impact is memory corruption that could destabilize the system or allow further exploitation if conditions permit.

Affected Systems

The affected product is Seagate’s openSeaChest, version 26.03.0, released for all supported operating systems. Only this version is listed as vulnerable; newer releases are presumed to contain the fix.

Risk and Exploitability

The CVSS score of 4.6 indicates a moderate severity. No EPSS score is provided, and the vulnerability is not reported in the CISA KEV catalog. Because the flaw requires the Trim/Unmap command to be executed, the attack surface is limited to local or privileged users able to run openSeaChest. The risk is therefore moderate, with low likelihood of public exploitation but sufficient concern for users who routinely invoke the Trim operation.

Generated by OpenCVE AI on June 3, 2026 at 03:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update openSeaChest to a version that includes the buffer‑overflow fix.
  • If an update is not immediately available, restrict the use of the Trim/Unmap command until the patch is applied.
  • Check Seagate security advisories regularly for new releases and apply them promptly.

Generated by OpenCVE AI on June 3, 2026 at 03:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 03 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Seagate
Seagate open Seachest
Vendors & Products Seagate
Seagate open Seachest

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 bytes outside of the allocated space when running this operation.
Title Open Seachest/Seachest NVMe Trim (Deallocate) Vulnerability
Weaknesses CWE-787
References
Metrics cvssV4_0

{'score': 4.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green'}

Subscriptions

Seagate Open Seachest
cve-icon MITRE

Status: PUBLISHED

Assigner: Seagate

Published:

Updated: 2026-06-03T13:06:43.250Z

Reserved: 2026-06-02T22:16:26.474Z

Link: CVE-2026-10718

cve-icon Vulnrichment

Updated: 2026-06-03T13:05:19.980Z

cve-icon NVD

Status : Received

Published: 2026-06-02T23:16:35.157

Modified: 2026-06-02T23:16:35.157

Link: CVE-2026-10718

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T10:54:26Z

Weaknesses