Description
A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted XML file which may lead to memory corruption and potential arbitrary code execution. Successful exploitation could result in application crashes (denial of service) and compromise the confidentiality and integrity of the affected system.
Published: 2026-05-26
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap-based buffer overflow exists in the XML parser of HiDraw. An authenticated malicious user with local access can craft a malicious XML file that triggers memory corruption, potentially enabling arbitrary code execution and crashing the application. The vulnerability may compromise the confidentiality and integrity of the affected system.

Affected Systems

The flaw affects Hitachi Energy’s MACH HiDraw product. Version information is not specified, but any installation of HiDraw that includes the vulnerable XML parser is susceptible.

Risk and Exploitability

The CVSS score of 4.4 indicates moderate severity. EPSS is not available and the CVE is not listed in KEV, so no widespread exploitation data exists. However, a local attacker with authenticated access can directly execute the exploit by running the crafted XML within the application’s context, leading to code execution or denial of service.

Generated by OpenCVE AI on May 26, 2026 at 15:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest HiDraw firmware or software update that patches the XML parser vulnerability.
  • Restrict local user privileges so that only trusted users can run custom XML files with sufficient rights.
  • Configure the system to reject or sandbox XML files from untrusted sources, and monitor for anomalous file modifications.

Advisories

No advisories yet.

History

Wed, 27 May 2026 10:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Hitachienergy, Hitachienergy mach Hidraw |
| Vendors & Products | | Hitachienergy, Hitachienergy mach Hidraw |

Tue, 26 May 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Heap-based Buffer Overflow in HiDraw XML Parser Enables Local Code Execution |

Tue, 26 May 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 26 May 2026 13:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted XML file which may lead to memory corruption and potential arbitrary code execution. Successful exploitation could result in application crashes (denial of service) and compromise the confidentiality and integrity of the affected system. |
| Weaknesses | | CWE-122 |
| References | | |
| Metrics | | cvssV4_0 {'score': 4.4, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: Hitachi Energy

Published:

Updated: 2026-05-26T14:42:15.647Z

Reserved: 2026-04-28T12:37:08.600Z

Link: CVE-2026-7310

Vulnrichment

Updated: 2026-05-26T14:42:10.307Z

NVD

Status: Deferred

Published: 2026-05-26T14:16:40.523

Modified: 2026-05-26T20:03:50.687

Link: CVE-2026-7310

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T10:05:17Z

Weaknesses
  • CWE-122: Heap-based Buffer Overflow