What is CVE-2026-35553?

CVE-2026-35553 is a medium-severity vulnerability in Dynabook Inc. Drfec.sys, classified under Stack-based Buffer Overflow. CVSS score: 6.7/10. Published 2026-04-13.

How severe is CVE-2026-35553?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Buffer overflow in Dynabook Inc. Drfec.sys

CVE-2026-35553

Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values.

Vulnerability class: Buffer Overflow

EPSS: 0.000 (4.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Dynabook Inc. Drfec.sys — versions v11.0.0.0 and earlier
Dynabook Inc. Tosrfec.sys — versions all versions

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

References

global.sharp/corporate/info/product-security/advisory-list/2026-001/
corporate.jp.sharp/info/product-security/advisory-list/2026-001/
jvn.jp/en/vu/JVNVU96334293/

Frequently asked questions

What is CVE-2026-35553?: CVE-2026-35553 is a medium-severity vulnerability in Dynabook Inc. Drfec.sys, classified under Stack-based Buffer Overflow. CVSS score: 6.7/10. Published 2026-04-13.
How severe is CVE-2026-35553?: Medium severity. CVSS v3 base score is 6.7 out of 10.