Skip to main content

fbxcel EUVDEUVD-2026-42727

| CVE-2026-15274 LOW
Improper Resource Shutdown or Release (CWE-404)
2026-07-09 cna@vuldb.com GHSA-35hq-6xqg-g3wv
1.9
CVSS 4.0 · Vendor: vuldb

Severity by source

Vendor (vuldb) PRIMARY
1.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.3 LOW

Local-only exploitation requiring low privileges to supply a crafted FBX file; only availability is impacted at low severity with no scope change or confidentiality/integrity consequence.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (vuldb).

CVSS VectorVendor: vuldb

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 09, 2026 - 22:37 vuln.today

DescriptionCVE.org

A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the file src/pull_parser/v7400/parser.rs of the component Node Header Handler. The manipulation results in denial of service. The attack must be initiated from a local position. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.

AnalysisAI

Denial-of-service in fbxcel up to 0.9.0 allows a local, low-privileged attacker to crash any application embedding this Rust FBX-parsing library by supplying a crafted FBX file that triggers improper resource handling in the v7400 Node Header Handler. Impact is limited to availability with no confidentiality or integrity consequence, consistent with the CVSS 4.0 base score of 1.9. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local low-privilege access
Delivery
Supply crafted FBX file to fbxcel-based application
Exploit
Trigger malformed node header in v7400 pull parser
Execution
Improper resource release (CWE-404)
Impact
Application crash / denial of service

Vulnerability AssessmentAI

Exploitation Exploitation requires local system access and at minimum low-level privileges (PR:L per CVSS 4.0 vector) sufficient to supply a crafted FBX file as input to a running fbxcel-based application. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is very low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with low-level system privileges provides a specially crafted FBX file to an application that uses fbxcel for parsing. The malformed node header in the file triggers the CWE-404 flaw in the v7400 pull parser, causing the host application to crash or hang. …
Remediation No vendor-released patched version has been confirmed at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42727 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy