Skip to main content

CVE-2026-42958

| EUVDEUVD-2026-42121 HIGH
Use After Free (CWE-416)
2026-07-07 ics-cert@hq.dhs.gov GHSA-38rj-c63j-q99w
8.4
CVSS 4.0 · Vendor: hq
Share

Severity by source

Vendor (hq) PRIMARY
8.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (hq) · only source for this CVE.

CVSS VectorVendor: hq

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 07, 2026 - 22:32 vuln.today

DescriptionCVE.org

The application contains a use-after-free vulnerability that can be exploited to cause memory corruption while parsing specially crafted files. This could allow an attacker to execute arbitrary code in the context of the current process.

AnalysisAI

Arbitrary code execution in an unnamed ICS/OT application arises from a use-after-free (CWE-416) triggered when the software parses a specially crafted file, letting an attacker run code in the context of the current process. The flaw was reported through CISA's ICS-CERT (advisory ICSA-26-188-06) and carries a CVSS 4.0 base score of 8.4; exploitation is local and requires a user to open the malicious file. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: Inventory all systems running the affected ICS/OT application and classify by business criticality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-42958 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy