Samsung Open Source ONE EUVD-2026-24628

| CVE-2026-6839 MEDIUM
Improper Validation of Specified Quantity in Input (CWE-1284)
2026-04-22 samsung.tv_appliance GHSA-mqr4-9x5m-973r
Information Disclosure Samsung
6.6
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High

Lifecycle Timeline

1
Analysis Generated
Apr 22, 2026 - 06:49 vuln.today

DescriptionNVD

Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0.

AnalysisAI

Improper validation of STRING tensor offsets in Samsung Open Source ONE prior to commit 1.30.0 allows local attackers with user interaction to trigger out-of-bounds memory access during constant tensor import, potentially causing information disclosure, data modification, or denial of service. The vulnerability affects the tensor metadata parsing logic when processing malformed string tensor definitions.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-24628 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy