Memory Corruption in NASA cFS Affects CCSDS Header Size Handler
CVE-2026-5475
5.1 MEDIUM
What is CVE-2026-5475?
A vulnerability has been identified in NASA's cFS up to version 7.0.0. It affects the CFE_SB_TransmitMsg function in the file cfe_sb_priv.c. Inadequate handling of the CCSDS header size during message transmission can lead to memory corruption when the input is manipulated. The problem was raised in an issue report, but the project maintainers have not yet responded or provided a patch.
Affected Version(s)
cFS 7.0
CVSS V4
Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
0rbitingZer0 (VulDB User)
VulDB CNA Team
