Which versions of JS8Call are affected by CVE-2026-42996?

JS8Call, a radio communication application, contains a critical remote code execution vulnerability (CVSS 10.0) that allows unauthenticated attackers to execute arbitrary code through malformed radio…. A patch is available.

JS8Call CVE-2026-42996

Q: What is the CVSS score of CVE-2026-42996?

CVE-2026-42996 has a CVSS 4.0 base score of 10.0 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:M/U:Green. EPSS exploitation probability: 0.0%.

EUVD-2026-26482 CRITICAL

Stack-based Buffer Overflow (CWE-121)

2026-05-01 mitre

Buffer Overflow Stack Overflow

10.0

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:M/U:Green

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Patch released

May 01, 2026 - 23:16 nvd

Patch available

Analysis Generated

May 01, 2026 - 09:15 vuln.today

Patch available

May 01, 2026 - 08:01 EUVD

CVSS changed

May 01, 2026 - 07:22 NVD

10.0 (CRITICAL)

EUVD ID Assigned

May 01, 2026 - 07:00 euvd

EUVD-2026-26482

Analysis Generated

May 01, 2026 - 07:00 vuln.today

CVE Published

May 01, 2026 - 06:42 nvd

CRITICAL 10.0

DescriptionNVD

JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in

grid2deg in APRSISClient.cpp.

AnalysisAI

Stack-based buffer overflow in JS8Call allows remote code execution via crafted radio transmission containing an oversized Maidenhead grid locator. CVSS 10.0 reflects network-reachable attack with no authentication required. …

RemediationAI

Within 24 hours: Identify all deployed instances of JS8Call and JS8Call-improved across the organization and document current versions. Within 7 days: Upgrade JS8Call-improved to version 3.0 or later; for JS8Call (non-improved), contact vendor for patch status or implement network isolation of affected systems. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-42996 vulnerability details – vuln.today

Back

JS8Call CVE-2026-42996

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

JS8Call CVE-2026-42996

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code