Skip to main content

Eclipse KUKSA Databroker CVE-2026-13699

| EUVDEUVD-2026-43634 MEDIUM
Improper Input Validation (CWE-20)
2026-07-14 eclipse GHSA-ccmw-x5fc-v2mm
6.5
CVSS 3.1 · NVD
Share

Severity by source

Vendor (eclipse) PRIMARY
MEDIUM
qualitative
NVD
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
4.3 MEDIUM

JWT authentication requirement confirmed by description and PR:L; A:L reflects per-call panic with process survival, not service-level outage.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (eclipse).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
CVSS changed
Jul 14, 2026 - 21:07 NVD
4.3 (MEDIUM) 6.5 (MEDIUM)
Analysis Generated
Jul 14, 2026 - 08:46 vuln.today

DescriptionNVD

In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional data_point field in PublishValueRequest. When a request contains a valid signal_id but omits data_point, the server directly calls unwrap() on request.data_point, triggering a panic in the Tokio worker thread. This issue can be triggered by any client holding a valid JWT token. Unauthenticated or invalid-token requests are rejected and do not reach the vulnerable path. The panic causes the individual gRPC call to be cancelled but does not terminate the Databroker process, which remains available for subsequent requests.

AnalysisAI

Eclipse KUKSA Databroker 0.6.1 panics in a Tokio worker thread when an authenticated client sends a PublishValueRequest with a valid signal_id but omits the optional data_point field, causing the server to call Rust's unwrap() on a None value. Any client holding a valid JWT token can trigger this condition, cancelling the individual gRPC call while leaving the Databroker process intact and available. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain valid JWT token from Databroker deployment
Delivery
Connect to kuksa.val.v2.VAL/PublishValue gRPC endpoint
Exploit
Send PublishValueRequest with valid signal_id, omitting data_point field
Execution
Server calls unwrap() on None, triggering Rust panic in Tokio worker
Impact
Individual RPC call cancelled, caller receives error

Vulnerability AssessmentAI

Exploitation Exploitation requires possession of a valid JWT token accepted by the target Databroker instance - the description explicitly states that unauthenticated requests and requests carrying invalid tokens are rejected before reaching the vulnerable code path. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 3.1 score of 4.3 (Medium) with vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L accurately reflects the constrained impact of this vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker or compromised in-vehicle software component with a valid JWT token connects to the Databroker's gRPC interface and sends a PublishValueRequest that includes a legitimate signal_id but deliberately omits the data_point field. The server calls unwrap() on the absent field, triggering a Rust panic in the Tokio async worker thread, which cancels that specific RPC invocation and returns an error to the client. …
Remediation A vendor-released patched version is not independently confirmed from the available data; organizations should monitor the Eclipse security advisory at https://gitlab.eclipse.org/security/cve-assignment/-/work_items/148 for an official fix release and apply it promptly. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-13699 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy