Description
Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
Published: 2026-04-13
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information disclosure through resource leak
Action: Apply Patch
AI Analysis

Impact

The vulnerability is an out-of-bounds read in Samsung’s open‑source JavaScript engine Escargot, which can disclose internal resource information to an attacker. This flaw is categorized as CWE‑125 and can potentially expose sensitive data, compromising confidentiality. The exploit would allow an adversary to read memory beyond the intended bounds, revealing details that could be leveraged for further attacks.

Affected Systems

Samsung Open Source Escargot is affected, specifically the code snapshot identified by commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335. No broader version range is documented, so the issue applies to deployments using this revision or derivative builds that have not incorporated the fix.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, suggesting limited or no widespread exploitation at present. The attack vector is not explicitly described in the available information, but the nature of an out-of-bounds read typically allows local or remote exploitation where the attacker can supply crafted input to trigger the read. Given the moderate score and lack of known exploitation, organizations should treat the flaw as a high‑priority patching item, especially if the affected component processes untrusted input.

Generated by OpenCVE AI on April 13, 2026 at 07:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch referenced in Samsung’s GitHub pull request 1554, which fixes the out-of-bounds read.
  • Ensure your Escargot deployment is updated to the fixed commit or a later version.
  • Re‑validate all applications using Escargot to confirm no residual vulnerabilities remain.



Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type | Values Removed | Values Added
Title | | Out-of-Bounds Read Causing Resource Leak Exposure in Escargot

Mon, 13 Apr 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 13:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Samsung Open Source; Samsung Open Source escargot
Vendors & Products | | Samsung Open Source; Samsung Open Source escargot

Mon, 13 Apr 2026 06:15:00 +0000

Type | Values Removed | Values Added
Metrics | cvssV3_1 {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L'} | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L'}


Mon, 13 Apr 2026 05:15:00 +0000

Type | Values Removed | Values Added
Description | | Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
Weaknesses | | CWE-125
References | |
Metrics | | cvssV3_1 {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-04-13T13:09:49.728Z

Reserved: 2026-01-30T06:07:11.090Z

Link: CVE-2026-25209

Vulnrichment

Updated: 2026-04-13T13:09:46.870Z

NVD

Status: Awaiting Analysis

Published: 2026-04-13T05:16:02.927

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-25209

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:53:04Z

Weaknesses