Stack Buffer Overflow in OpenSC Affects Smart Card Processing
CVE-2026-40510

CVSS score: 1 (LOW)

Key Information:

Vendor

OpenSC

Status
Vendor
CVE Published:
29 May 2026

What is CVE-2026-40510?

A stack buffer overflow exists in the piv_process_history() function of OpenSC versions prior to 0.27.0-rc1. An attacker with physical access to a targeted system can exploit it by presenting a specially crafted PIV smart card or USB device that returns a URL field longer than 118 bytes in the Key History Object ASN.1 response, which can lead to memory corruption.
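The class of check that prevents this kind of overflow, as an added example (not OpenSC's code or its fix): a card-supplied TLV length is validated against both the 118-byte limit and the destination buffer before any copy. The function names, the simplified single-byte-tag BER parser, the `0xF3` URL tag and the sample data are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define URL_TAG 0xF3  /* assumed tag for the URL field in the sample data */
#define URL_MAX 118   /* longest URL length the advisory treats as in-bounds */

/* Read one BER TLV header (single-byte tag; short, 0x81 or 0x82 length form).
 * Returns the header size, or 0 if malformed or the value overruns the input. */
static size_t tlv_header(const unsigned char *p, size_t n,
                         unsigned char *tag, size_t *len)
{
    size_t hdr;
    if (n < 2) return 0;
    *tag = p[0];
    if (p[1] < 0x80)                 { *len = p[1]; hdr = 2; }
    else if (p[1] == 0x81 && n >= 3) { *len = p[2]; hdr = 3; }
    else if (p[1] == 0x82 && n >= 4) { *len = ((size_t)p[2] << 8) | p[3]; hdr = 4; }
    else return 0;
    if (*len > n - hdr) return 0;    /* declared length exceeds data received */
    return hdr;
}

/* Walk the TLVs of a card response and copy the URL field into out.
 * Returns 0 on success, -1 if absent or malformed, -2 if the URL is oversized. */
int extract_url(const unsigned char *resp, size_t resp_len,
                char *out, size_t out_cap)
{
    size_t off = 0;
    while (off < resp_len) {
        unsigned char tag; size_t len;
        size_t hdr = tlv_header(resp + off, resp_len - off, &tag, &len);
        if (hdr == 0) return -1;
        if (tag == URL_TAG) {
            /* The card controls len: reject it before copying, never after. */
            if (len > URL_MAX || len >= out_cap) return -2;
            memcpy(out, resp + off + hdr, len);
            out[len] = '\0';
            return 0;
        }
        off += hdr + len;            /* skip fields we are not interested in */
    }
    return -1;
}

/* Constructed sample input: URL tag, 0x81-form length, n filler bytes (n <= 255). */
size_t make_sample(unsigned char *buf, size_t n)
{
    buf[0] = URL_TAG; buf[1] = 0x81; buf[2] = (unsigned char)n;
    memset(buf + 3, 'a', n);
    return n + 3;
}
```

Returning a distinct error for an oversized field lets the caller log the rejected card response instead of silently truncating it.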

Affected Version(s)

OpenSC 0 < 0.27.0-rc1

OpenSC 0 < 3f24f0b48a481a8cf2e46059d8238a283ddc1c13

CVSS V4

Score:
1
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Physical
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Credit

Nicholas Carlini of Anthropic