Description
The application contains a use-after-free vulnerability that can be exploited to cause memory corruption while parsing specially crafted files. This could allow an attacker to execute arbitrary code in the context of the current process.
Published: 2026-07-07
Score: 8.4 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free flaw that corrupts memory while parsing crafted files, potentially allowing an attacker to execute arbitrary code in the current process context. This flaw is a CWE‑416 vulnerability and can lead to full system compromise if an attacker can supply malicious input.

Affected Systems

The flaw affects Labcenter Proteus software, specifically versions prior to 9.2 SPO. Users running any version 8.0 or higher that has not been updated to the 9.2 SPO release are at risk. The advisory does not list additional vendor or product variations.

Risk and Exploitability

The CVSS score of 8.4 indicates a high severity, yet the EPSS score is unavailable, so the likelihood of exploitation in the wild remains uncertain. Because the vulnerability is a memory corruption flaw exploitable without authentication to the Proteus process, an attacker who can supply a malicious file will likely succeed. The issue is not listed in CISA’s KEV catalog, suggesting no known public exploits, but the high CVSS warrants prompt remediation.

Generated by OpenCVE AI on July 8, 2026 at 08:55 UTC.

Remediation

Vendor Solution

Labcenter recommends ensuring you are using the latest version (9.2 SPO) of the software. Version can be found by looking at the bottom left of the Proteus home page (Version 8 or higher) or by selecting the About ISIS or About ARES option from the Help menu. Update notifications appear in the new and information section of the home page where you can activate the download and installation directly. If you have questions or need help please contact Labcenter or your local distributor.


OpenCVE Recommended Actions

  • Apply Labcenter’s latest update (Proteus 9.2 SPO) following the vendor’s official instructions.
  • Limit file import operations to trusted users and enforce strict file type validation within Proteus.
  • If an update cannot be applied immediately, isolate the Proteus installation on a restrict external file access to prevent exploitation.

Generated by OpenCVE AI on July 8, 2026 at 08:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Jul 2026 00:15:00 +0000

Type Values Removed Values Added
First Time appeared Labcenter
Labcenter proteus
Vendors & Products Labcenter
Labcenter proteus

Tue, 07 Jul 2026 22:15:00 +0000

Type Values Removed Values Added
Description The application contains a use-after-free vulnerability that can be exploited to cause memory corruption while parsing specially crafted files. This could allow an attacker to execute arbitrary code in the context of the current process.
Title Use After Free in Labcenter Proteus
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Labcenter Proteus
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-07-07T21:52:25.406Z

Reserved: 2026-06-03T15:40:50.731Z

Link: CVE-2026-42958

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T09:00:14Z

Weaknesses