Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size Handler. Executing a manipulation can lead to memory corruption. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Memory corruption in NASA cFS up to version 7.0.0 via manipulation of the CFE_SB_TransmitMsg function in the CCSDS Header Size Handler component allows local attackers with low privileges to corrupt memory, potentially leading to denial of service or information disclosure. No public exploit code or active exploitation has been confirmed; the vendor was notified early but has not yet released a patch as of analysis time.
Technical ContextAI
NASA cFS (Core Flight System) is a middleware architecture designed for spacecraft onboard software. The vulnerability resides in the Software Bus (SB) component, specifically in the CFE_SB_TransmitMsg function within cfe_sb_priv.c, which handles transmission of messages formatted according to CCSDS (Consultative Committee for Space Data Systems) standards. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), indicating a buffer overflow or out-of-bounds write condition in the CCSDS header size handling logic. When a manipulated message is transmitted through this function, the improper bounds checking allows an attacker to write beyond allocated buffer boundaries, corrupting adjacent memory regions. This affects all cFS versions up to 7.0.0 as indicated by the CPE string cpe:2.3:a:nasa:cfs:*:*:*:*:*:*:*:* with no upper version bound specified in official patches.
RemediationAI
No vendor-released patch with a specific fixed version has been identified at time of analysis. NASA was notified of this vulnerability early through the issue report mechanism (https://github.com/nasa/cFS/issues/953), but the project has not yet responded with a patched release according to the provided data. Until an official patch is released, organizations deploying cFS should monitor the official GitHub repository (https://github.com/nasa/cFS/) for security updates and consider implementing defense-in-depth measures such as: restricting network access to cFS systems to trusted nodes only (given the AV:A requirement), enforcing strict privilege separation to limit low-privilege account capabilities, and validating incoming CCSDS header messages against strict size specifications before processing. Organizations running cFS in production should prioritize upgrading to a patched version immediately upon release.
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18813
GHSA-j8qx-48g9-p37g