Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Green
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Green
Lifecycle Timeline
3DescriptionCVE.org
Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 bytes outside of the allocated space when running this operation.
AnalysisAI
Out-of-bounds write in Seagate's openSeaChest v26.03.0 allows a high-privileged local user to write 16 bytes beyond the allocated memory buffer during a Trim/Unmap (SCSI UNMAP / ATA DSM) storage operation. The flaw is confined to the LBA range descriptor construction logic and produces limited observable impact - low confidentiality exposure to the local system and a secondary system, with no integrity or availability consequences per the CVSS 4.0 vector. No public exploit identified at time of analysis, and CISA KEV does not list this vulnerability; Seagate self-disclosed the issue, suggesting responsible internal discovery.
Technical ContextAI
openSeaChest is Seagate's open-source, cross-platform command-line toolkit for managing ATA, SCSI, NVMe, and USB-attached storage devices. The Trim/Unmap operation instructs a drive to deallocate a range of Logical Block Addresses (LBAs), typically used during SCSI UNMAP or ATA DATA SET MANAGEMENT (DSM) commands. The root cause is CWE-787 (Out-of-bounds Write): the code that constructs the memory structure describing the LBA ranges to deallocate writes 16 bytes past the end of the allocated buffer. This is a classic off-by-one or miscalculated stride error in buffer sizing, consistent with the 'Buffer Overflow' and 'Memory Corruption' tags attached to this CVE. The affected version is v26.03.0 across all platforms supported by the toolkit (Linux, Windows, macOS, FreeBSD, etc.). No CPE string was provided in the source data.
Affected ProductsAI
Seagate openSeaChest version 26.03.0 is confirmed affected across all platforms supported by the toolkit, which includes Linux, Windows, macOS, and FreeBSD. No CPE string was included in the source intelligence. Version ranges outside of v26.03.0 (earlier or later) are not specified as affected or unaffected in the available data. Vendor information is available at the Seagate Product Security advisory page (https://www.seagate.com/product-security/#security-advisories) and the SeaChest support page (https://www.seagate.com/support/software/seachest/).
RemediationAI
The primary remediation is to upgrade openSeaChest to a version beyond v26.03.0 once a patched release is confirmed by Seagate. Monitor the Seagate Product Security advisory page at https://www.seagate.com/product-security/#security-advisories and the SeaChest software support page at https://www.seagate.com/support/software/seachest/ for a patched release. No exact fix version was included in the available source data - a patched released version is not independently confirmed at time of analysis. As a compensating control, restrict execution of openSeaChest to only the personnel and automated processes that strictly require it, leveraging OS-level privilege controls (sudo rules, Windows UAC policies) to limit who can invoke the Trim/Unmap subcommand. Because exploitation requires High Privileges, enforcing least-privilege principles for storage management tooling reduces the effective attack surface with no functional trade-off for standard users.
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34043
GHSA-qmm7-2j5h-mvvv