What is the CVSS score of CVE-2026-37539?

CVE-2026-37539 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.3%.

Which versions of cannelloni are affected by CVE-2026-37539?

Cannelloni v2.0.0 contains a critical remote code execution vulnerability (CVSS 9.8) in CAN FD frame parsing that allows unauthenticated network attackers to crash the service or execute arbitrary…

cannelloni CVE-2026-37539

EUVD-2026-26692 CRITICAL

Stack-based Buffer Overflow (CWE-121)

2026-05-01 mitre

RCE Buffer Overflow Denial Of Service Stack Overflow

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 01, 2026 - 17:30 vuln.today

EUVD ID Assigned

May 01, 2026 - 17:00 euvd

EUVD-2026-26692

Analysis Generated

May 01, 2026 - 17:00 vuln.today

CVE Published

May 01, 2026 - 00:00 nvd

CRITICAL 9.8

DescriptionNVD

Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted CAN FD frames.

AnalysisAI

Remote code execution in cannelloni v2.0.0 allows unauthenticated network attackers to crash the service or execute arbitrary code by sending malformed CAN FD frames that trigger buffer overflows in two separate parsing functions (parseCANFrame in parser.cpp and decodeFrame in decoder.cpp). The CVSS score of 9.8 reflects network-accessible exploitation requiring no authentication or user interaction, with complete system compromise possible. …

RemediationAI

24 hours: Isolate all cannelloni v2.0.0 instances from untrusted networks; document inventory of affected systems and their operational criticality. 7 days: Implement network segmentation restricting CAN frame traffic to trusted sources only; deploy network-based detection rules for malformed CAN FD frames; engage vendor for patch timeline confirmation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-37539 vulnerability details – vuln.today

Back

cannelloni CVE-2026-37539

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code