A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to be performed locally. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
References
| Link | Resource |
|---|---|
| https://github.com/nasa/cFS/ | Product |
| https://github.com/nasa/cFS/issues/951 | Issue Tracking |
| https://vuldb.com/submit/781949 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/355077 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/355077/cti | Permissions Required VDB Entry |
Configurations
History
30 Apr 2026, 20:57
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/nasa/cFS/ - Product | |
| References | () https://github.com/nasa/cFS/issues/951 - Issue Tracking | |
| References | () https://vuldb.com/submit/781949 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/355077 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/355077/cti - Permissions Required, VDB Entry | |
| CPE | cpe:2.3:a:nasa:core_flight_system:*:*:*:*:*:*:*:* | |
| First Time |
Nasa core Flight System
Nasa |
03 Apr 2026, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-03 17:16
Updated : 2026-04-30 20:57
NVD link : CVE-2026-5473
Mitre link : CVE-2026-5473
CVE.ORG link : CVE-2026-5473
JSON object : View
Products Affected
nasa
- core_flight_system