Out-of-Bounds Memory Access in libais Affects Marine Communication Systems
CVE-2026-56770

8.7HIGH

Key Information:

Vendor: Schwehr
Status: Libais
Vendor: CVE Published:; 25 June 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-56770?

The vulnerability in libais arises from VdmStream::AddLine utilizing an unchecked sentinel value as a vector index. This flaw occurs when processing AIS sentences that contain empty or out-of-range sequential message IDs. Malicious actors can exploit this by sending specially crafted AIVDM sentences over VHF marine radio or IP feeds, leading to out-of-bounds memory access issues. Such exploitation can result in service crashes or instability in vessel systems, posing significant risks to marine operations.

Affected Version(s)

libais 0 <= 0.15

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-56770 - Proof of Concept

References

https://github.com/schwehr/libais/issues/263

technical-descriptionexploit

https://www.vulncheck.com/advisories/libais-out-of-bounds...

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 25, 2026
👾
Exploit known to exist
Jun 25, 2026
Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Jun 22, 2026

Credit

FuzzingLabs

CVE-2026-56770 Data

JSON

Schwehr

Badges

What is CVE-2026-56770?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit