Out-of-Bounds Read Vulnerability in Escargot by Samsung
CVE-2026-25209

6.5 MEDIUM

Key Information:

Status
Vendor
CVE Published: 13 April 2026

What is CVE-2026-25209?

An out-of-bounds read vulnerability exists in the Samsung Open Source Escargot web engine that could allow attackers to read unintended memory locations. This could lead to exposure of sensitive information and resource management issues. The affected code is identified by a specific commit, so users should check whether they run an affected version in order to mitigate the risk.

Affected Version(s)

Escargot 97e8115ab1110bc502b4b5e4a0c689a71520d335

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sebastián Alba Vives / @Sebasteuo