Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
JWT authentication requirement confirmed by description and PR:L; A:L reflects per-call panic with process survival, not service-level outage.
Primary rating from Vendor (eclipse).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionNVD
In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional data_point field in PublishValueRequest. When a request contains a valid signal_id but omits data_point, the server directly calls unwrap() on request.data_point, triggering a panic in the Tokio worker thread. This issue can be triggered by any client holding a valid JWT token. Unauthenticated or invalid-token requests are rejected and do not reach the vulnerable path. The panic causes the individual gRPC call to be cancelled but does not terminate the Databroker process, which remains available for subsequent requests.
AnalysisAI
Eclipse KUKSA Databroker 0.6.1 panics in a Tokio worker thread when an authenticated client sends a PublishValueRequest with a valid signal_id but omits the optional data_point field, causing the server to call Rust's unwrap() on a None value. Any client holding a valid JWT token can trigger this condition, cancelling the individual gRPC call while leaving the Databroker process intact and available. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires possession of a valid JWT token accepted by the target Databroker instance - the description explicitly states that unauthenticated requests and requests carrying invalid tokens are rejected before reaching the vulnerable code path. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 3.1 score of 4.3 (Medium) with vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L accurately reflects the constrained impact of this vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker or compromised in-vehicle software component with a valid JWT token connects to the Databroker's gRPC interface and sends a PublishValueRequest that includes a legitimate signal_id but deliberately omits the data_point field. The server calls unwrap() on the absent field, triggering a Rust panic in the Tokio async worker thread, which cancels that specific RPC invocation and returns an error to the client. … |
| Remediation | A vendor-released patched version is not independently confirmed from the available data; organizations should monitor the Eclipse security advisory at https://gitlab.eclipse.org/security/cve-assignment/-/work_items/148 for an official fix release and apply it promptly. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Eclipse Kuksa Databroker
View allSame weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43634
GHSA-ccmw-x5fc-v2mm