Vulnerability Details CVE-2026-40510
OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longer than 118 bytes in the Key History Object ASN.1 response.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.3%
CVSS Severity
CVSS v3 Score 3.8
References
Products affected by CVE-2026-40510
-
cpe:2.3:a:opensc_project:opensc:-
-
cpe:2.3:a:opensc_project:opensc:0.12.2
-
cpe:2.3:a:opensc_project:opensc:0.13.0
-
cpe:2.3:a:opensc_project:opensc:0.14.0
-
cpe:2.3:a:opensc_project:opensc:0.15.0
-
cpe:2.3:a:opensc_project:opensc:0.16.0
-
cpe:2.3:a:opensc_project:opensc:0.17.0
-
cpe:2.3:a:opensc_project:opensc:0.18.0
-
cpe:2.3:a:opensc_project:opensc:0.19.0
-
cpe:2.3:a:opensc_project:opensc:0.2.0
-
cpe:2.3:a:opensc_project:opensc:0.20.0
-
cpe:2.3:a:opensc_project:opensc:0.21.0
-
cpe:2.3:a:opensc_project:opensc:0.22.0
-
cpe:2.3:a:opensc_project:opensc:0.23.0
-
cpe:2.3:a:opensc_project:opensc:0.24.0
-
cpe:2.3:a:opensc_project:opensc:0.25.0
-
cpe:2.3:a:opensc_project:opensc:0.25.1
-
cpe:2.3:a:opensc_project:opensc:0.26.0
-
cpe:2.3:a:opensc_project:opensc:0.26.1
-
cpe:2.3:a:opensc_project:opensc:0.3.0
-
cpe:2.3:a:opensc_project:opensc:0.3.1