Description
Improper Check or Handling of Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation.

This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Published: 2026-05-19
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Samsung Open Source Escargot suffers from an improper check or handling of exceptional conditions that enables attackers to manipulate input data. This flaw is a classic example of CWE‑703 and can lead to unintended changes in the data processed by Escargot, potentially compromising the integrity of applications that rely on the JavaScript engine. No evidence indicates that the vulnerability results in denial of service or code execution, so the primary concern is data manipulation.

Affected Systems

The flaw affects the Samsung Open Source Escargot JavaScript engine, specifically the code base identified by commit 590345cc6258317c5da850d846ce6baaf2afc2d3. Systems running this version or earlier are potentially vulnerable. No other vendors or product versions are listed.

Risk and Exploitability

The CVSS score for this issue is 5.5, indicating a moderate severity. The EPSS score is not available, so the likelihood of exploitation in the wild is unknown. The vulnerability is not listed in the CISA KEV catalog, suggesting no active exploitation yet. The likely attack vector requires an attacker to supply crafted input to the Escargot engine, such as via a vulnerable application that parses data with Escargot. Because the flaw involves improper exception handling, the attacker must be able to trigger an exception during data processing.

Generated by OpenCVE AI on May 19, 2026 at 08:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Escargot to a patched version that resolves the exception handling issue, including the commit 590345cc6258317c5da850d846ce6baaf2afc2d3.
  • Sanitize and validate all input data before it is passed to Escargot to prevent malformed data from triggering the flaw.
  • Test dependent applications for unintended behavior after the upgrade to ensure the input manipulation risk is mitigated.

Generated by OpenCVE AI on May 19, 2026 at 08:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 08:45:00 +0000

Type Values Removed Values Added
Title Input Data Manipulation via Improper Exception Handling in Escargot
First Time appeared Samsung Open Source
Samsung Open Source escargot
Vendors & Products Samsung Open Source
Samsung Open Source escargot

Tue, 19 May 2026 07:45:00 +0000

Type Values Removed Values Added
Description Improper Check or Handling of Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Weaknesses CWE-703
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Samsung Open Source Escargot
cve-icon MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-05-19T06:32:49.925Z

Reserved: 2026-05-19T05:50:23.979Z

Link: CVE-2026-47316

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-19T08:16:15.977

Modified: 2026-05-19T08:16:15.977

Link: CVE-2026-47316

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T08:30:36Z

Weaknesses