CVE-2026-5475 - Vulnerability Details

Description

A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size Handler. Executing a manipulation can lead to memory corruption. The project was informed of the problem early through an issue report but has not responded yet.

Published: 2026-04-03

Score: 5.1 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A buffer overrun exists in the NASA cFS component named CCSDS Header Size Handler, specifically within the CFE_SB_TransmitMsg function in file cfe_sb_priv.c. The flaw allows malicious manipulation of message data to overflow a buffer, corrupting adjacent memory. Depending on the context, this could destabilize the system or provide an attacker with a foothold for further exploitation, such as executing arbitrary code, if the overwritten memory controls critical execution paths.

Affected Systems

The vulnerability affects all releases of NASA cFS up to and including version 7.0.0. No other cFS releases are known to be impacted, and no vendor-specified patch does yet exist.

Risk and Exploitability

The CVSS score is 5.1, indicating moderate severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, so the likelihood of active attacks is unclear. The attack vector is inferred to be local or internal to the vehicle’s onboard software, as exploitation would require sending crafted messages to the message bus subsystem. Until an official fix or workaround is released, the risk remains moderate but should be monitored closely.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

NASA

cFS

affected

Version	Status	Constraints
`7.0`	affected	—

No data.

Vendor Product Confidence Versions

Nasa

Cfs

95%

Version	Status	Scheme	Platform
`7.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check for updates to NASA cFS and apply any newer release that addresses buffer handling in CFE_SB_TransmitMsg
If no update exists, monitor the NASA cFS issue tracker and community for patches or advisories
Audit the affected subsystem to verify that all message broadcasts pass through the correct size checks or add custom validation to limit header lengths
Implement runtime integrity checks or memory protection mechanisms such as stack canaries or address space layout randomization if supported by the platform
Restrict the ability of untrusted code to construct or transmit messages that could trigger the overflow

Generated by OpenCVE AI on April 3, 2026 at 20:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

No EPSS score available.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/nasa/cFS/
https://github.com/nasa/cFS/issues/953
https://vuldb.com/submit/781951
https://vuldb.com/vuln/355079
https://vuldb.com/vuln/355079/cti

History

Fri, 03 Apr 2026 19:00:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 03 Apr 2026 17:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size Handler. Executing a manipulation can lead to memory corruption. The project was informed of the problem early through an issue report but has not responded yet.
Title		NASA cFS CCSDS Header Size cfe_sb_priv.c CFE_SB_TransmitMsg memory corruption
First Time appeared		Nasa Nasa cfs
Weaknesses		CWE-119
CPEs		cpe:2.3:a:nasa:cfs::::::::
Vendors & Products		Nasa Nasa cfs
References		https://github.com/nasa/cFS/ https://github.com/nasa/cFS/issues/953 https://vuldb.com/submit/781951 https://vuldb.com/vuln/355079 https://vuldb.com/vuln/355079/cti
Metrics		cvssV2_0 `{'score': 5.2, 'vector': 'AV:A/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR'}` cvssV3_0 `{'score': 5.5, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}` cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}` cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}`

Subscriptions

Nasa Cfs

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-04-03T17:15:10.831Z

Updated: 2026-04-03T17:26:49.188Z

Reserved: 2026-04-03T07:51:21.728Z

Link: CVE-2026-5475

Vulnrichment

Updated: 2026-04-03T17:26:34.834Z

NVD

Status : Received

Published: 2026-04-03T18:16:26.250

Modified: 2026-04-03T18:16:26.250

Link: CVE-2026-5475

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T21:15:03Z

Weaknesses

CWE-119

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object