What is the CVSS score of EUVD-2026-26601?

EUVD-2026-26601 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Open CASCADE Technology are affected by EUVD-2026-26601?

Open CASCADE Technology (OCCT) V8.0.0_rc5 contains a denial-of-service vulnerability in VRML file parsing that allows remote attackers to crash 3D CAD and visualization applications without…

Open CASCADE Technology EUVD-2026-26601

| CVE-2026-42478 HIGH

NULL Pointer Dereference (CWE-476)

2026-05-01 mitre

Denial Of Service Null Pointer Dereference

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

May 01, 2026 - 17:53 vuln.today

CVSS changed

May 01, 2026 - 17:52 NVD

7.5 (HIGH)

EUVD ID Assigned

May 01, 2026 - 15:00 euvd

EUVD-2026-26601

Analysis Generated

May 01, 2026 - 15:00 vuln.today

CVE Published

May 01, 2026 - 00:00 nvd

HIGH 7.5

DescriptionNVD

An issue was discovered in VrmlData_IndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because malformed VRML input can trigger dereference of a corrupt or unvalidated pointer during shape construction in libTKDEVRML.so.

AnalysisAI

Denial of service in Open CASCADE Technology (OCCT) V8_0_0_rc5 occurs when a crafted VRML V2.0 file triggers null pointer dereference during shape construction in the VrmlData_IndexedFaceSet::TShape parser. Remote unauthenticated attackers can crash applications using libTKDEVRML.so by delivering malformed VRML files, requiring no user interaction (CVSS AV:N/AC:L/PR:N/UI:N). …

RemediationAI

Within 24 hours: inventory all applications and services using OCCT libTKDEVRML.so and document version numbers; disable VRML import functionality if operationally feasible. Within 7 days: implement network-level filtering to restrict VRML file uploads/transfers to authorized sources only; establish monitoring for application crashes correlated with VRML processing. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-26601 vulnerability details – vuln.today

Back

Open CASCADE Technology EUVD-2026-26601

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code