CVE-2026-10065: Stack-based Buffer Overflow in Shibby Tomato
CVE-2026-10065 is a high-severity stack-based buffer overflow vulnerability in Shibby Tomato version 1. 28. It affects the get_ups_field function in the tomatodata. cgi file, where manipulation of the Date argument can trigger the overflow. The vulnerability can be exploited remotely without user interaction. However, this product is no longer supported by its maintainer and has been superseded by FreshTomato.
AI Analysis
Technical Summary
This vulnerability exists in Shibby Tomato 1.28 within the get_ups_field function of tomatodata.cgi. By manipulating the Date argument, an attacker can cause a stack-based buffer overflow remotely. The vulnerability has a CVSS 4.0 base score of 8.7, indicating high severity with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The product is deprecated and unsupported, replaced by FreshTomato.
Potential Impact
Successful exploitation allows remote attackers to cause a stack-based buffer overflow, potentially leading to arbitrary code execution or denial of service. Given the high CVSS score and remote attack vector, this poses a significant risk to affected systems running Shibby Tomato 1.28. However, since the product is no longer supported, no official fixes or mitigations are provided by the vendor.
Mitigation Recommendations
No official patch or remediation is available as the affected product is no longer supported and has been superseded by FreshTomato. Users are advised to upgrade to FreshTomato or another supported firmware to mitigate this vulnerability. Patch status is not yet confirmed for Shibby Tomato 1.28; check vendor advisories if any emerge. Until migration, affected systems should be isolated or otherwise protected from untrusted networks to reduce exposure.
CVE-2026-10065: Stack-based Buffer Overflow in Shibby Tomato
Description
CVE-2026-10065 is a high-severity stack-based buffer overflow vulnerability in Shibby Tomato version 1. 28. It affects the get_ups_field function in the tomatodata. cgi file, where manipulation of the Date argument can trigger the overflow. The vulnerability can be exploited remotely without user interaction. However, this product is no longer supported by its maintainer and has been superseded by FreshTomato.
CVSS v4.0
Score 8.7high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability exists in Shibby Tomato 1.28 within the get_ups_field function of tomatodata.cgi. By manipulating the Date argument, an attacker can cause a stack-based buffer overflow remotely. The vulnerability has a CVSS 4.0 base score of 8.7, indicating high severity with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The product is deprecated and unsupported, replaced by FreshTomato.
Potential Impact
Successful exploitation allows remote attackers to cause a stack-based buffer overflow, potentially leading to arbitrary code execution or denial of service. Given the high CVSS score and remote attack vector, this poses a significant risk to affected systems running Shibby Tomato 1.28. However, since the product is no longer supported, no official fixes or mitigations are provided by the vendor.
Mitigation Recommendations
No official patch or remediation is available as the affected product is no longer supported and has been superseded by FreshTomato. Users are advised to upgrade to FreshTomato or another supported firmware to mitigate this vulnerability. Patch status is not yet confirmed for Shibby Tomato 1.28; check vendor advisories if any emerge. Until migration, affected systems should be isolated or otherwise protected from untrusted networks to reduce exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-29T08:32:27.217Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a19bc63e29bf47b50f702ba
Added to database: 5/29/2026, 4:18:43 PM
Last enriched: 5/29/2026, 4:34:11 PM
Last updated: 5/29/2026, 5:38:36 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.