What is CVE-2026-42799?

CVE-2026-42799 is a high-severity vulnerability in Asr Kestrel, classified under Out-of-bounds Read. CVSS score: 7.4/10. Published 2026-04-30.

How severe is CVE-2026-42799?

High severity. CVSS v3 base score is 7.4 out of 10.

Out-of-bounds Read in Asr Kestrel

CVE-2026-42799

Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. This issue affects Kestrel: before 2026/02/10.

Vulnerability class: Buffer Overflow

EPSS: 0.000 (5.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L.

Affected products

Asr Kestrel — versions 0
Asrmicro Asr1803
Asrmicro Asr1803_firmware

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

68630edc-a58c-4cbd-9b01-0e130455c8ae (Vendor Advisory)

Frequently asked questions

What is CVE-2026-42799?: CVE-2026-42799 is a high-severity vulnerability in Asr Kestrel, classified under Out-of-bounds Read. CVSS score: 7.4/10. Published 2026-04-30.
How severe is CVE-2026-42799?: High severity. CVSS v3 base score is 7.4 out of 10.