CVE-2026-21897: CWE-787: Out-of-bounds Write in nasa CryptoLib
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_Config_Add_Gvcid_Managed_Parameters function only checks whether gvcid_counter > GVCID_MAN_PARAM_SIZE. As a result, it allows up to the 251st entry, which causes a write past the end of the array, overwriting gvcid_counter located immediately after gvcid_managed_parameters_array[250]. This leads to an out-of-bounds write, and the overwritten gvcid_counter may become an arbitrary value, potentially affecting the parameter lookup/registration logic that relies on it. This issue has been patched in version 1.4.3.
AI Analysis
Technical Summary
CVE-2026-21897 is an out-of-bounds write vulnerability classified under CWE-787 found in NASA's CryptoLib, a software-only implementation of the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP). This library secures communications between spacecraft running the core Flight System (cFS) and ground stations. The vulnerability exists in the Crypto_Config_Add_Gvcid_Managed_Parameters function, which manages an array of GVCID managed parameters. The function only checks if the gvcid_counter exceeds GVCID_MAN_PARAM_SIZE, allowing up to the 251st entry to be written, which is beyond the array boundary of 250 elements. This results in an out-of-bounds write that overwrites the adjacent gvcid_counter variable. The corrupted gvcid_counter can take arbitrary values, potentially causing incorrect parameter lookup or registration behavior. This flaw can be triggered remotely without requiring authentication or user interaction, making it a network-exploitable vulnerability. The impact includes potential degradation or manipulation of secure communications between spacecraft and ground stations, affecting confidentiality, integrity, and availability. The vulnerability was patched in CryptoLib version 1.4.3, and no known exploits have been reported in the wild as of the publication date. The CVSS v3.1 base score is 7.3, indicating high severity due to the ease of exploitation and the critical nature of the affected systems.
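To make the off-by-one concrete, here is an added model of the check described above beside a corrected one; this is illustration code, not CryptoLib's own, and it assumes a scaled-down table of 4 slots (the real array has 250), a hypothetical 4-byte entry type, and demo status codes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Scaled-down model: the real array holds 250 entries; 4 keeps the demo short.
 * Status codes and the entry layout are demo choices, not CryptoLib's. */
#define GVCID_MAN_PARAM_SIZE 4
#define DEMO_OK              0
#define DEMO_ERR_TABLE_FULL  1
typedef struct { uint8_t tfvn, scid_hi, scid_lo, vcid; } gvcid_entry_t;
struct gvcid_table {                             /* models the real layout:   */
    gvcid_entry_t entries[GVCID_MAN_PARAM_SIZE]; /* the counter sits directly */
    uint32_t      counter;                       /* after the last array slot */
};
/* Store an entry at slot idx, addressed from the table base: idx == SIZE lands
 * on 'counter' exactly as the advisory describes, yet the write stays inside the
 * struct object, so the demo itself has no undefined behaviour. */
static void store_slot(struct gvcid_table *t, uint32_t idx, gvcid_entry_t e)
{
    memcpy((char *)t + offsetof(struct gvcid_table, entries) + (size_t)idx * sizeof e,
           &e, sizeof e);
}
/* Pre-1.4.3 check: '>' lets counter == SIZE through, one slot too many. */
int gvcid_add_vulnerable(struct gvcid_table *t, gvcid_entry_t e)
{
    if (t->counter > GVCID_MAN_PARAM_SIZE) return DEMO_ERR_TABLE_FULL;
    store_slot(t, t->counter, e);      /* the (SIZE+1)th add clobbers t->counter */
    t->counter++;
    return DEMO_OK;
}
/* Corrected check ('>='; the exact 1.4.3 patch is not shown on this page). */
int gvcid_add_fixed(struct gvcid_table *t, gvcid_entry_t e)
{
    if (t->counter >= GVCID_MAN_PARAM_SIZE) return DEMO_ERR_TABLE_FULL;
    store_slot(t, t->counter, e);
    t->counter++;
    return DEMO_OK;
}
/* Registers SIZE + 1 entries with the chosen check; returns the final call's
 * status and leaves the resulting counter in *counter_out. */
int demo_overfill(int use_fixed, uint32_t *counter_out)
{
    struct gvcid_table t;
    gvcid_entry_t e = { 0x41, 0x41, 0x41, 0x41 };   /* constructed sample entry */
    int (*add)(struct gvcid_table *, gvcid_entry_t) = use_fixed ? gvcid_add_fixed : gvcid_add_vulnerable;
    int rc = DEMO_OK;
    memset(&t, 0, sizeof t);
    for (int i = 0; i <= GVCID_MAN_PARAM_SIZE; i++) rc = add(&t, e);
    *counter_out = t.counter;   /* fixed: 4; vulnerable: 0x41414141 + 1 */
    return rc;
}
```

With the vulnerable check the fifth registration is accepted and the counter is replaced by the entry's bytes, which is the "arbitrary value" the advisory warns about; the corrected check rejects it and leaves the counter at 4.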
Potential Impact
For European organizations, particularly those involved in aerospace, satellite communications, and space research, this vulnerability poses a significant risk. Compromise of CryptoLib could lead to unauthorized manipulation or disruption of spacecraft-to-ground communications, potentially resulting in loss of sensitive telemetry data, command injection, or denial of service. This could affect mission-critical operations, data integrity, and confidentiality of space missions. The impact extends to national space agencies, aerospace contractors, and research institutions using or integrating the affected CryptoLib versions. Disruption or compromise of space communication links could have cascading effects on satellite operations, scientific data collection, and national security interests. Given the specialized nature of the software, the scope is limited to organizations using the cFS and CryptoLib, but the criticality of these systems amplifies the impact severity.
Mitigation Recommendations
1. Upgrade immediately to CryptoLib version 1.4.3 or later, where the vulnerability is patched.
2. Conduct an inventory of all systems and software components using CryptoLib, especially those involved in spacecraft communication and ground station operations.
3. Implement strict input validation and boundary checks in any custom code interfacing with CryptoLib to prevent out-of-bounds conditions.
4. Monitor network traffic for anomalous patterns that could indicate exploitation attempts targeting spacecraft communication protocols.
5. Employ defense-in-depth strategies, including network segmentation, to isolate critical space communication infrastructure.
6. Collaborate with space agencies and vendors to ensure timely dissemination of patches and security advisories.
7. Perform security audits and penetration testing focused on space communication systems to identify residual vulnerabilities.
8. Establish incident response plans tailored to aerospace communication disruptions.
Affected Countries
France, Germany, United Kingdom, Italy, Spain, Belgium, Netherlands, Sweden, Norway, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-01-05T17:24:36.930Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6961a1f5ed32c7f018d59bd3
Added to database: 1/10/2026, 12:48:53 AM
Last enriched: 1/10/2026, 1:04:38 AM
Last updated: 1/10/2026, 9:25:22 PM