Heap-Based Buffer Overflow in Biosig Project's Parsing Functionality
CVE-2026-20777

8.1HIGH

Key Information:

Vendor: The BiOSig Project
Status: LibbiOSig
Vendor: CVE Published:; 3 March 2026

🔔 Create The BiOSig Project Vulnerability Alert

What is CVE-2026-20777?

A heap-based buffer overflow vulnerability has been identified in the WFT parsing functionality of the Libbiosig library. This flaw allows an attacker to exploit a specially crafted .wft file, potentially leading to arbitrary code execution on the affected system. By delivering a malicious file, a threat actor can manipulate the application's memory, posing significant security risks. Users and organizations relying on Libbiosig versions 3.9.2 and the Master Branch (db9a9a63) should take immediate action to mitigate exposure and protect their environments.

Affected Version(s)

libbiosig 3.9.2

libbiosig Master Branch (db9a9a63)

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2026
Vulnerability Reserved
Jan 28, 2026

Credit

Discovered by Mark Bereza and Lilith >_> of Cisco Talos.

CVE-2026-20777 Data

JSON