CVE-2026-5474 | NASA cFS up to 7.0.0 CCSDS Packet Header to_lab_passthru_encode.c CFE_MSG_GetSize heap-based overflow (Issue 952)

A vulnerability identified as critical has been detected in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header Handler. Performing a manipulation results in heap-based buffer overflow.

This vulnerability is reported as CVE-2026-5474. The attacker must have access to the local network to execute the attack. No exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-5474 | NASA cFS up to 7.0.0 CCSDS Packet Header to_lab_passthru_encode.c CFE_MSG_GetSize heap-based overflow (Issue 952)

Post correlati

CVE-2024-3759 | OpenHarmony up to 4.0.0 TCB use after free

CVE-2025-22174 | Atlassian Jira Align up to 11.16.0 permission

CVE-2026-32267 | Craft CMS up to 4.17.5/5.9.11 authorization

CVE-2024-5088 | Happy Addons for Elementor Plugin up to 3.10.8 on WordPress cross site scripting