Heap-Based Buffer Overflow in NASA cFS Product
CVE-2026-5474
5.3 MEDIUM
What is CVE-2026-5474?
The vulnerability in NASA's cFS involves the CFE_MSG_GetSize function within the CCSDS Packet Header Handler component, in the file to_lab_passthru_encode.c. The issue could lead to a heap-based buffer overflow, allowing an attacker with local network access to manipulate data. The organization has been notified of the vulnerability through an issue report, but no response has been issued. The lack of a response raises concerns about the security posture of the affected software, particularly in environments where cFS is deployed.
Affected Version(s)
cFS 7.0
CVSS V4
Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
0rbitingZer0 (VulDB User)
VulDB CNA Team
