CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-5474

A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow. The attacker must have access to the local network to execute the attack. The project was informed of the problem early through an issue report but has not responded yet.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.1%

CVSS Severity

CVSS v3 Score 6.3

CVSS v2 Score 5.8

References

Products affected by CVE-2026-5474

Nasa » Core Flight System » Version: 6.6.0a

cpe:2.3:a:nasa:core_flight_system:6.6.0a
Nasa » Core Flight System » Version: 6.7.0

cpe:2.3:a:nasa:core_flight_system:6.7.0
Nasa » Core Flight System » Version: 6.7.0a

cpe:2.3:a:nasa:core_flight_system:6.7.0a
Nasa » Core Flight System » Version: 7.0.0

cpe:2.3:a:nasa:core_flight_system:7.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-5474

Products

Pricing

Contact Us