Skip to main content

Open Babel EUVDEUVD-2026-9141

| CVE-2026-3408 LOW
Improper Resource Shutdown or Release (CWE-404)
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

6
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
4.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Mar 04, 2026 - 02:40 vuln.today
Public exploit code
Patch released
Mar 04, 2026 - 02:40 nvd
Patch available
CVE Published
Mar 02, 2026 - 04:16 nvd
MEDIUM 4.3

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 27 pypi packages depend on openbabel (25 direct, 2 indirect)

Ecosystem-wide dependent count for version 3.2.0.

DescriptionCVE.org

A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available and might be used. The name of the patch is e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. It is best practice to apply a patch to resolve this issue.

AnalysisAI

Open Babel versions up to 3.1.1 contain a null pointer dereference in the CDXML file handler's OBAtom::GetExplicitValence function, allowing remote attackers to crash the application through maliciously crafted files. Public exploit code exists for this vulnerability, making it a practical attack vector for denial of service. A patch is available and should be applied to all affected installations.

Technical ContextAI

Classified as CWE-404 (Improper Resource Shutdown or Release). Affects Open Babel. A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available and might be used. The name of the patch is e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. It is best practice to apply a patch to resolve this issue.

RemediationAI

A vendor patch is available — apply it immediately. Restrict network access to the affected service where possible.

Vendor StatusVendor

SUSE

Severity: Medium

Share

EUVD-2026-9141 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy