A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The exploitability is told to be difficult. A fix is planned for the upcoming version milestone of the project.
References
| Link | Resource |
|---|---|
| https://github.com/nasa/cFS/ | Product |
| https://github.com/nasa/cFS/issues/954 | Issue Tracking |
| https://vuldb.com/submit/781971 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/355080 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/355080/cti | Permissions Required VDB Entry |
Configurations
History
04 May 2026, 14:19
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Nasa core Flight System
Nasa |
|
| CPE | cpe:2.3:a:nasa:core_flight_system:*:*:*:*:*:*:*:* | |
| References | () https://github.com/nasa/cFS/ - Product | |
| References | () https://github.com/nasa/cFS/issues/954 - Issue Tracking | |
| References | () https://vuldb.com/submit/781971 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/355080 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/355080/cti - Permissions Required, VDB Entry |
03 Apr 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-03 18:16
Updated : 2026-05-04 14:19
NVD link : CVE-2026-5476
Mitre link : CVE-2026-5476
CVE.ORG link : CVE-2026-5476
JSON object : View
Products Affected
nasa
- core_flight_system