CVE-2026-5473: Deserialization in NASA cFS
CVE-2026-5473 is a low-severity vulnerability in NASA's Core Flight System (cFS) version 7. 0. 0 involving the pickle. load function in the Pickle Module. This vulnerability allows for deserialization attacks when exploited locally with a high level of complexity. Exploitation is difficult and requires local access with limited privileges. The vulnerability has been publicly disclosed, but no official response or patch from NASA is currently available.
AI Analysis
Technical Summary
This vulnerability affects the pickle.load function in the Pickle Module of NASA cFS up to version 7.0.0. It allows an attacker with local access to perform deserialization attacks, which can lead to unintended code execution or data manipulation. The attack complexity is high, and the exploitability is considered difficult. No vendor advisory or patch has been released as of the publication date.
Potential Impact
The impact is limited due to the requirement for local access and high attack complexity. The CVSS 4.0 base score of 2 indicates low severity, reflecting limited exploitability and impact. There are no known exploits in the wild. Potential impact includes unauthorized code execution or data manipulation via deserialization if successfully exploited locally.
Mitigation Recommendations
No official patch or remediation guidance is currently available from NASA. Since the vulnerability requires local access and high complexity, restricting local access to trusted users and monitoring for unusual activity may reduce risk. Check the vendor advisory regularly for updates or patches.
CVE-2026-5473: Deserialization in NASA cFS
Description
CVE-2026-5473 is a low-severity vulnerability in NASA's Core Flight System (cFS) version 7. 0. 0 involving the pickle. load function in the Pickle Module. This vulnerability allows for deserialization attacks when exploited locally with a high level of complexity. Exploitation is difficult and requires local access with limited privileges. The vulnerability has been publicly disclosed, but no official response or patch from NASA is currently available.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the pickle.load function in the Pickle Module of NASA cFS up to version 7.0.0. It allows an attacker with local access to perform deserialization attacks, which can lead to unintended code execution or data manipulation. The attack complexity is high, and the exploitability is considered difficult. No vendor advisory or patch has been released as of the publication date.
Potential Impact
The impact is limited due to the requirement for local access and high attack complexity. The CVSS 4.0 base score of 2 indicates low severity, reflecting limited exploitability and impact. There are no known exploits in the wild. Potential impact includes unauthorized code execution or data manipulation via deserialization if successfully exploited locally.
Mitigation Recommendations
No official patch or remediation guidance is currently available from NASA. Since the vulnerability requires local access and high complexity, restricting local access to trusted users and monitoring for unusual activity may reduce risk. Check the vendor advisory regularly for updates or patches.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-03T07:44:07.881Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69cff2300a160ebd92448b92
Added to database: 4/3/2026, 5:00:32 PM
Last enriched: 4/3/2026, 5:15:30 PM
Last updated: 4/3/2026, 8:44:23 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.