Skip to main content

Open CASCADE Technology EUVDEUVD-2026-26599

| CVE-2026-42476 HIGH
Out-of-bounds Read (CWE-125)
2026-05-01 mitre
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 01, 2026 - 17:53 vuln.today
CVSS changed
May 01, 2026 - 17:52 NVD
7.1 (HIGH)
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26599
Analysis Generated
May 01, 2026 - 15:00 vuln.today
CVE Published
May 01, 2026 - 00:00 nvd
HIGH 7.1

DescriptionCVE.org

Two heap-based out-of-bounds read vulnerabilities in the STL ASCII file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 exist in RWStl_Reader::ReadAscii because buffers returned by Standard_ReadLineBuffer::ReadLine() are not properly length-validated before strncasecmp or direct byte access. User-assisted attackers can trigger these issues by persuading a victim to open a crafted STL file with extremely short lines, resulting in a denial of service or possible information disclosure.

AnalysisAI

Heap-based out-of-bounds reads in Open CASCADE Technology (OCCT) V8_0_0_rc5 STL ASCII parser allow local attackers to trigger denial of service or disclose process memory by convincing users to open maliciously crafted STL files with extremely short lines. The vulnerability stems from improper length validation of buffers returned by Standard_ReadLineBuffer::ReadLine() before strncasecmp operations or direct byte access in RWStl_Reader::ReadAscii. CVSS score of 7.1 reflects high confidentiality and availability impact requiring user interaction. No public exploit code, active exploitation (CISA KEV), or vendor patch information identified at time of analysis, though technical details are publicly available via GitHub Gist.

Technical ContextAI

Open CASCADE Technology (OCCT) is an open-source 3D modeling framework widely used in CAD/CAM/CAE applications for geometric processing and visualization. The vulnerability resides in the STL (STereoLithography) ASCII file parser, specifically in the RWStl_Reader::ReadAscii function which processes text-based 3D mesh data. STL ASCII files describe triangular mesh geometry using human-readable text. The parser uses Standard_ReadLineBuffer::ReadLine() to read file lines but fails to validate buffer lengths before passing them to strncasecmp (case-insensitive string comparison) or performing direct byte-level operations. When processing malformed STL files with extremely short lines, the parser attempts to read beyond allocated heap buffer boundaries (CWE-125: Out-of-bounds Read). This heap-based buffer over-read can leak adjacent memory contents or cause process crashes when invalid memory regions are accessed. The affected version V8_0_0_rc5 indicates a release candidate build, suggesting pre-production code.

RemediationAI

No vendor-released patch or fixed version is identified in the available data. Organizations using Open CASCADE Technology V8_0_0_rc5 should check the official OCCT GitHub repository (https://github.com/Open-Cascade-SAS/OCCT) and Open CASCADE website for security advisories addressing CVE-2026-42476, particularly in stable 8.0.0 or later releases. If a patched version is released, upgrade OCCT library and recompile dependent applications. Compensating controls for unpatched environments: (1) Restrict STL file processing to trusted sources only - implement file origin validation before parsing, though this may break workflows requiring external model import; (2) Deploy OCCT-based applications in sandboxed environments (containers, VMs with limited privileges) to contain information disclosure impact, with overhead of maintaining isolated runtime environments; (3) Implement input validation wrapper to pre-scan STL files for abnormally short lines before passing to OCCT parser, though this requires custom development and may not catch all malformed inputs; (4) Disable STL ASCII format support if binary STL processing suffices for operational requirements, eliminating attack surface but reducing file format compatibility. The GitHub Gist reference (https://gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94a) may contain additional technical details useful for developing detection signatures or input validation rules.

Share

EUVD-2026-26599 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy