Skip to main content

Open CASCADE Technology CVE-2026-42478

| EUVDEUVD-2026-26601 HIGH
NULL Pointer Dereference (CWE-476)
2026-05-01 mitre
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 01, 2026 - 17:53 vuln.today
CVSS changed
May 01, 2026 - 17:52 NVD
7.5 (HIGH)
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26601
Analysis Generated
May 01, 2026 - 15:00 vuln.today
CVE Published
May 01, 2026 - 00:00 nvd
HIGH 7.5

DescriptionCVE.org

An issue was discovered in VrmlData_IndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because malformed VRML input can trigger dereference of a corrupt or unvalidated pointer during shape construction in libTKDEVRML.so.

AnalysisAI

Denial of service in Open CASCADE Technology (OCCT) V8_0_0_rc5 occurs when a crafted VRML V2.0 file triggers null pointer dereference during shape construction in the VrmlData_IndexedFaceSet::TShape parser. Remote unauthenticated attackers can crash applications using libTKDEVRML.so by delivering malformed VRML files, requiring no user interaction (CVSS AV:N/AC:L/PR:N/UI:N). EPSS score not available; no public exploit identified at time of analysis. Affects 3D CAD/visualization applications integrating OCCT for VRML import.

Technical ContextAI

Open CASCADE Technology (OCCT) is an open-source 3D modeling kernel widely used in CAD, CAM, and visualization applications. The VRML (Virtual Reality Modeling Language) V2.0 parser in libTKDEVRML.so handles import of scene graph data. CWE-476 (NULL Pointer Dereference) occurs in VrmlData_IndexedFaceSet::TShape during face set construction when the parser fails to validate pointer integrity before dereferencing. This indicates insufficient input validation on VRML geometry descriptors (coordIndex, texCoordIndex, or normalIndex fields). The vulnerability affects the geometry processing pipeline at parse time, before scene construction completes. CPE data is malformed (n/a:n/a) suggesting limited vendor coordination, but the specific affected version (V8_0_0_rc5) and library (libTKDEVRML.so) are confirmed by description and PoC reference.

RemediationAI

Upgrade to a stable OCCT release newer than V8_0_0_rc5 that includes null pointer validation in VrmlData_IndexedFaceSet::TShape. No vendor-released patch version independently confirmed from available data - check OCCT GitHub repository (https://github.com/Open-Cascade-SAS/OCCT) for commits addressing CWE-476 in VRML parser after rc5 timeframe. If immediate upgrade not feasible, implement compensating controls: disable VRML import functionality in applications where not required (reduces attack surface but eliminates feature); validate VRML files with strict schema checking before passing to OCCT parser (reduces malformed input but adds processing overhead and may not catch all malformed pointers); run VRML parsing in sandboxed processes with crash recovery to limit denial of service to isolated workers (contains impact but does not prevent crashes). Monitor application logs for repeated crashes in libTKDEVRML.so as potential exploitation indicator. For automated pipelines, implement file format allowlisting to reject VRML if not business-critical.

Share

CVE-2026-42478 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy