Skip to main content

OVMS3 EUVDEUVD-2026-26694

| CVE-2026-37541 CRITICAL
Stack-based Buffer Overflow (CWE-121)
2026-05-01 mitre
10.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 01, 2026 - 17:30 vuln.today
EUVD ID Assigned
May 01, 2026 - 17:00 euvd
EUVD-2026-26694
Analysis Generated
May 01, 2026 - 17:00 vuln.today
CVE Published
May 01, 2026 - 00:00 nvd
CRITICAL 10.0

DescriptionCVE.org

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames.

AnalysisAI

Remote code execution in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005 allows network-based attackers to execute arbitrary code or crash the system without authentication. A buffer overflow in the GVRET CAN data parser (canformat_gvret.cpp) fails to validate length fields in binary frames, enabling memory corruption. CVSS 10.0 reflects unauthenticated network vector with scope change, but no public exploit or active exploitation confirmed at time of analysis. EPSS data unavailable; real-world risk depends on OVMS3 deployment exposure (typically vehicle telematics environments).

Technical ContextAI

OVMS3 is an open-source vehicle monitoring and telematics platform that interfaces with automotive CAN bus networks. The vulnerable component is canformat_gvret.cpp, which parses GVRET (Generalized Vehicle Reverse Engineering Tool) binary frame format used for CAN bus data transmission. GVRET frames contain a length field that controls buffer operations; lack of bounds checking allows attackers to specify lengths exceeding allocated buffer sizes, triggering classic stack or heap-based buffer overflow. The vulnerability is exploitable over network protocols that accept GVRET frames, likely TCP/IP connections to the OVMS3 web interface or API endpoints. CPE data (cpe:2.3:a:n/a:n/a) is a placeholder indicating vendor/product fields not yet populated in NVD, but GitHub reference confirms the openvehicles/Open-Vehicle-Monitoring-System-3 repository as the affected codebase.

RemediationAI

No vendor-released patch version or security advisory identified from provided references at time of analysis. GitHub repository reference (https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3) should be monitored for commits addressing CVE-2026-37541 or canformat_gvret.cpp buffer overflow fixes. GIST reference (https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381) may contain vulnerability details or POC but does not constitute an official patch. Compensating controls until patch available: (1) Block network access to OVMS3 GVRET ingestion endpoints from untrusted sources using firewall rules-restrict to local vehicle network only; this eliminates remote attack vector but may break legitimate remote monitoring features. (2) Disable GVRET frame processing if alternative CAN data formats are available; verify compatibility with monitoring workflows before deployment. (3) Deploy OVMS3 behind network segmentation with IDS/IPS monitoring for malformed GVRET frames containing anomalous length fields; configure detection rules for length values exceeding typical CAN frame sizes (8-64 bytes). Monitor vendor GitHub repository and security mailing lists for official fix announcements.

Share

EUVD-2026-26694 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy