EUVD-2026-26697CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Lifecycle Timeline
5DescriptionNVD
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_canswitch.cpp the parser does not properly validate a CANswitch DLC value, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted CANswitch frames.
AnalysisAI
Remote code execution in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005 allows unauthenticated network attackers to execute arbitrary code or crash the system by sending malformed CANswitch frames with invalid DLC (Data Length Code) values. The buffer overflow occurs in the canformat_canswitch.cpp parser module which fails to validate frame length parameters before processing, enabling memory corruption. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all OVMS3 instances in your environment and isolate those running version 3.3.005 or earlier to a segregated network segment; disable external network access if operationally feasible. Within 7 days: Implement network-based detection rules to block malformed CANswitch frames at perimeter firewalls and deploy protocol-level packet validation; contact OVMS project maintainers for patch timeline and security advisory updates. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today