CVE-2026-5476: Integer Overflow in NASA cFS
CVE-2026-5476 is an integer overflow vulnerability in NASA's Core Flight System (cFS) version 7. 0. 0 on 32-bit platforms. The flaw exists in the function CFE_TBL_ValidateCodecLoadSize within the cfe_tbl_passthru_codec. c source file. Exploitation complexity is high and the exploitability is considered difficult. There is no official fix available yet, but a patch is planned for a future release milestone. The vulnerability has a low CVSS score of 2. 1, indicating limited impact and exploitability.
AI Analysis
Technical Summary
This vulnerability involves an integer overflow in the CFE_TBL_ValidateCodecLoadSize function of NASA cFS up to version 7.0.0 on 32-bit systems. The overflow occurs due to manipulation of input values leading to incorrect size validation. The attack complexity is high and exploitability is difficult, reducing the likelihood of successful exploitation. No known exploits are reported in the wild. A fix is planned but not yet released.
Potential Impact
The integer overflow could potentially lead to incorrect processing of codec load sizes within the affected function, which might cause unexpected behavior or memory corruption. However, due to the high attack complexity and difficult exploitability, the practical impact is limited. No known active exploitation has been reported.
Mitigation Recommendations
No official patch or fix is currently available. A fix is planned for an upcoming version milestone of NASA cFS. Users should monitor NASA's official advisories and update to the fixed version once released. Until then, no specific mitigation actions are documented.
CVE-2026-5476: Integer Overflow in NASA cFS
Description
CVE-2026-5476 is an integer overflow vulnerability in NASA's Core Flight System (cFS) version 7. 0. 0 on 32-bit platforms. The flaw exists in the function CFE_TBL_ValidateCodecLoadSize within the cfe_tbl_passthru_codec. c source file. Exploitation complexity is high and the exploitability is considered difficult. There is no official fix available yet, but a patch is planned for a future release milestone. The vulnerability has a low CVSS score of 2. 1, indicating limited impact and exploitability.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves an integer overflow in the CFE_TBL_ValidateCodecLoadSize function of NASA cFS up to version 7.0.0 on 32-bit systems. The overflow occurs due to manipulation of input values leading to incorrect size validation. The attack complexity is high and exploitability is difficult, reducing the likelihood of successful exploitation. No known exploits are reported in the wild. A fix is planned but not yet released.
Potential Impact
The integer overflow could potentially lead to incorrect processing of codec load sizes within the affected function, which might cause unexpected behavior or memory corruption. However, due to the high attack complexity and difficult exploitability, the practical impact is limited. No known active exploitation has been reported.
Mitigation Recommendations
No official patch or fix is currently available. A fix is planned for an upcoming version milestone of NASA cFS. Users should monitor NASA's official advisories and update to the fixed version once released. Until then, no specific mitigation actions are documented.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-03T07:51:24.742Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69cffcbb0a160ebd924911a1
Added to database: 4/3/2026, 5:45:31 PM
Last enriched: 4/3/2026, 6:00:29 PM
Last updated: 4/3/2026, 7:47:43 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.