Skip to main content

Open-SAE-J1939 EUVDEUVD-2026-26695

| CVE-2026-42467 HIGH
Uncontrolled Resource Consumption (CWE-400)
2026-05-01 mitre
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 01, 2026 - 19:45 vuln.today
CVSS changed
May 01, 2026 - 18:22 NVD
7.5 (HIGH)
EUVD ID Assigned
May 01, 2026 - 17:00 euvd
EUVD-2026-26695
Analysis Generated
May 01, 2026 - 17:00 vuln.today
CVE Published
May 01, 2026 - 00:00 nvd
HIGH 7.5

DescriptionCVE.org

An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Binary_Data_Transfer_DM16 causing a denial of service via crafted CAN frame on the J1939 bus.

AnalysisAI

Remote denial of service in Open-SAE-J1939 library (commit b6caf884 and prior, November 2025) allows unauthenticated attackers to crash SAE J1939 protocol implementations by sending malformed CAN frames to the J1939 bus. Exploitation is straightforward (CVSS AC:L, SSVC automatable:yes) and requires only network access to the CAN bus. No public exploit code confirmed, but GIST reference suggests proof-of-concept research exists. EPSS data unavailable; not in CISA KEV.

Technical ContextAI

SAE J1939 is a CAN-bus protocol standard used in heavy-duty vehicles and industrial control systems for ECU communication. Open-SAE-J1939 is an open-source implementation library. The vulnerability resides in the SAE_J1939_Read_Binary_Data_Transfer_DM16 function, which processes DM16 (Binary Data Transfer - Read) messages. CWE-400 (Uncontrolled Resource Consumption) indicates the code fails to properly validate or limit resource usage when parsing crafted CAN frames, likely triggering excessive memory allocation, CPU consumption, or crash conditions. CAN bus protocols operate at OSI Layer 2 and typically lack authentication, making network-accessible CAN segments particularly vulnerable. The CPE string shows generic vendor/product identifiers (n/a:n/a), suggesting this affects custom integrations of the library rather than a packaged commercial product.

RemediationAI

Review the GitHub GIST at https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381 for proof-of-concept details and potential upstream patches. Monitor the Open-SAE-J1939 repository for commits after b6caf884df46435e539b1ecbf92b6c29b345bdfe that address input validation in SAE_J1939_Read_Binary_Data_Transfer_DM16. No vendor-released patch version confirmed from available data. Compensating controls: (1) Implement CAN bus segmentation to isolate J1939 networks from untrusted zones - prevents remote network exploitation but requires network redesign. (2) Deploy application-layer CAN frame filtering/validation at gateway devices to reject malformed DM16 messages - may block legitimate diagnostic tools if filters too strict. (3) Enable rate limiting on CAN interfaces to mitigate resource exhaustion - reduces impact but does not prevent crash. (4) Disable Binary Data Transfer (DM16) protocol support if not operationally required - eliminates attack surface but breaks ECU reprogramming and advanced diagnostics. Consult VulDB advisory at https://vuldb.com/vuln/360759 for additional remediation guidance.

Share

EUVD-2026-26695 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy