Deserialization Vulnerability in NASA cFS Software
CVE-2026-5473

2 LOW

Key Information:

Vendor: NASA

CVE Published: 3 April 2026

What is CVE-2026-5473?

A vulnerability exists in NASA cFS software that affects the pickle.load function within the Pickle Module. The flaw enables local deserialization attacks, which could lead to unauthorized code execution. The attack requires local access, and the complexity of exploiting it successfully is considered high. The issue was communicated to the project team early through an issue report, but NASA has not yet responded or provided a resolution.
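An added example, not code from cFS or from this page: the page does not say which cFS component calls pickle.load, so this Python example shows the general defensive pattern for that call, an Unpickler subclass whose find_class resolves only allow-listed globals. The names AllowListUnpickler, safe_load and CallsOnLoad and the sample data are assumptions constructed for illustration.

```python
import io
import os
import pickle

# Assumption (not from cFS): legitimate files hold plain dicts, lists and
# scalars, which need no globals, plus OrderedDict as the one allowed class.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowListUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global not on the allow-list."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load(stream):
    """Replacement for pickle.load(stream) when the file is not trusted."""
    return AllowListUnpickler(stream).load()


class CallsOnLoad:
    """Constructed sample: __reduce__ makes the loader call a function.
    The harmless os.getpid stands in for any callable named in a stream."""

    def __reduce__(self):
        return (os.getpid, ())


def demo():
    benign = pickle.dumps({"apid": 2048, "fields": ["seq", "len"]})
    hostile = pickle.dumps(CallsOnLoad())
    # Plain pickle.load calls whatever callable the stream names.
    ran_callable = pickle.load(io.BytesIO(hostile)) == os.getpid()
    # The allow-list loader still reads ordinary data ...
    data = safe_load(io.BytesIO(benign))
    # ... and rejects the other stream before the callable is resolved.
    try:
        safe_load(io.BytesIO(hostile))
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    return ran_callable, data, blocked


if __name__ == "__main__":
    print(demo())
```

Where the stored data is only dicts, lists and scalars, replacing pickle with a data-only format such as JSON removes the callable-resolution step altogether.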

Affected Version(s)

cFS 7.0

CVSS V4

Score: 2
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0rbitingZer0 (VulDB User)
VulDB CNA Team