CVE-2026-2246

A security vulnerability has been detected in AprilRobotics apriltag up to 3.4.5. Affected by this vulnerability is the function apriltag_detector_detect of the file apriltag.c. The manipulation leads to memory corruption. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The identifier of the patch is cfac2f5ce1ffe2de25967eb1ab80bc5d99fc1a61. It is suggested to install a patch to address this issue.

CVSS v3 3.3 LOW
CVSS v2.0 1.7 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/AprilRobotics/apriltag/
https://github.com/AprilRobotics/apriltag/commit/cfac2f5ce1ffe2de25967eb1ab80bc5d99fc1a61
https://github.com/AprilRobotics/apriltag/issues/422
https://github.com/AprilRobotics/apriltag/issues/422#issuecomment-3797661933
https://github.com/oneafter/0120/blob/main/repro
https://vuldb.com/?ctiid.344994
https://vuldb.com/?id.344994
https://vuldb.com/?submit.753162

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de seguridad ha sido detectada en AprilRobotics apriltag hasta 3.4.5. Afectada por esta vulnerabilidad es la función apriltag_detector_detect del archivo apriltag.c. La manipulación conduce a corrupción de memoria. El ataque debe ser llevado a cabo localmente. El exploit ha sido divulgado públicamente y puede ser usado. El identificador del parche es cfac2f5ce1ffe2de25967eb1ab80bc5d99fc1a61. Se sugiere instalar un parche para abordar este problema.

09 Feb 2026, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-09 20:15

Updated : 2026-06-17 10:30

NVD link : CVE-2026-2246

Mitre link : CVE-2026-2246

CVE.ORG link : CVE-2026-2246

JSON object : View

Products Affected

No product.

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2026-2246", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-2246", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-10T20:02:16.968974Z"}}], "cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 1.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 1.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "cna@vuldb.com", "affectedData": [{"vendor": "AprilRobotics", "product": "apriltag", "versions": [{"status": "affected", "version": "3.4.0"}, {"status": "affected", "version": "3.4.1"}, {"status": "affected", "version": "3.4.2"}, {"status": "affected", "version": "3.4.3"}, {"status": "affected", "version": "3.4.4"}, {"status": "affected", "version": "3.4.5"}]}]}], "published": "2026-02-09T20:15:59.467", "references": [{"url": "https://github.com/AprilRobotics/apriltag/", "source": "cna@vuldb.com"}, {"url": "https://github.com/AprilRobotics/apriltag/commit/cfac2f5ce1ffe2de25967eb1ab80bc5d99fc1a61", "source": "cna@vuldb.com"}, {"url": "https://github.com/AprilRobotics/apriltag/issues/422", "source": "cna@vuldb.com"}, {"url": "https://github.com/AprilRobotics/apriltag/issues/422#issuecomment-3797661933", "source": "cna@vuldb.com"}, {"url": "https://github.com/oneafter/0120/blob/main/repro", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.344994", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.344994", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.753162", "source": "cna@vuldb.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in AprilRobotics apriltag up to 3.4.5. Affected by this vulnerability is the function apriltag_detector_detect of the file apriltag.c. The manipulation leads to memory corruption. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The identifier of the patch is cfac2f5ce1ffe2de25967eb1ab80bc5d99fc1a61. It is suggested to install a patch to address this issue."}, {"lang": "es", "value": "Una vulnerabilidad de seguridad ha sido detectada en AprilRobotics apriltag hasta 3.4.5. Afectada por esta vulnerabilidad es la funci\u00f3n apriltag_detector_detect del archivo apriltag.c. La manipulaci\u00f3n conduce a corrupci\u00f3n de memoria. El ataque debe ser llevado a cabo localmente. El exploit ha sido divulgado p\u00fablicamente y puede ser usado. El identificador del parche es cfac2f5ce1ffe2de25967eb1ab80bc5d99fc1a61. Se sugiere instalar un parche para abordar este problema."}], "lastModified": "2026-06-17T10:30:37.473", "sourceIdentifier": "cna@vuldb.com"}