XiangShan CVE-2026-29642

EUVD-2026-23954 HIGH
Internal Asset Exposed to Unsafe Debug Access Level or State (CWE-1244)
2026-04-20 mitre GHSA-9m35-v5wh-m3xw
CVSS 3.1: 7.8

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Apr 21, 2026 - 20:23: Analysis Generated (vuln.today)
Apr 21, 2026 - 20:22: CVSS changed (NVD), 7.8 (HIGH)
Apr 20, 2026 - 21:15: EUVD ID Assigned (euvd), EUVD-2026-23954
Apr 20, 2026 - 21:15: Analysis Generated (vuln.today)
Apr 20, 2026 - 00:00: CVE Published (nvd), HIGH 7.8

Description (NVD)

A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted reads/writes to menvcfg (e.g., csrrs in M-mode). On affected XiangShan versions (commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19), these menvcfg accesses can unexpectedly set WPRI (reserved) bits in the status view (xstatus) to 1. RISC-V defines WPRI fields as "writes preserve values, reads ignore values," i.e., they must not be modified by software manipulating other fields, and menvcfg itself contains multiple WPRI fields.

Analysis (AI)

Privileged CSR manipulation in XiangShan RISC-V processor core (commit aecf601e80, 2024-11-19) allows local attackers with M-mode access to corrupt processor status registers by exploiting improper handling of WPRI (Write Preserve, Read Ignore) fields in menvcfg operations. Carefully crafted csrrs instructions targeting menvcfg unexpectedly set reserved bits in xstatus to 1, violating RISC-V specification requirements that WPRI fields remain unchanged during CSR operations. …

Remediation (AI)

Within 24 hours: Identify all systems using XiangShan RISC-V processor cores and document their current firmware/design commit versions. Within 7 days: Restrict M-mode access to trusted administrators only and review hardware security module configurations; contact the XiangShan project maintainers for a confirmed release version containing commit 5e3dd63. …
