What is CVE-2026-5475?

CVE-2026-5475 is a medium-severity vulnerability in Nasa Cfs, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 5.5/10. Published 2026-04-03.

How severe is CVE-2026-5475?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Buffer overflow in Nasa Cfs

CVE-2026-5475

A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size Handler. Executing a manipulation can lead to memory corruption. The project…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (11.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Nasa Cfs — versions 7.0
Nasa Core_flight_system

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cna@vuldb.com (Product, product)
cna@vuldb.com (issue-tracking, Issue Tracking)
Submit #781951 | NASA cFS 7.0.0 CFE_SB_TransmitMsg memcpy trusts CCSDS header size without sourc (VDB Entry, Third Party Advisory, third-party-advisory)
VDB-355079 | NASA cFS CCSDS Header Size cfe_sb_priv.c CFE_SB_TransmitMsg memory corruption (technical-description, VDB Entry, Third Party Advisory, vdb-entry)
VDB-355079 | CTI Indicators (IOB, IOC, IOA) (signature, Permissions Required, permissions-required, VDB Entry)

Frequently asked questions

What is CVE-2026-5475?: CVE-2026-5475 is a medium-severity vulnerability in Nasa Cfs, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 5.5/10. Published 2026-04-03.
How severe is CVE-2026-5475?: Medium severity. CVSS v3 base score is 5.5 out of 10.