CVE-2026-2705 · HIGH 8.1 · EPSS p47.2%

Description

A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom::SetFormalCharge in the library include/openbabel/atom.h of the component MOL2 File Handler. The manipulation results in out-of-bounds read. It is possible to launch the attack remotely. The exploit is now public and may be used. The patch is identified as e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. A patch should be applied to remediate this issue. The project was informed of the problem early through an issue report but has not responded yet.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS: 0.67% probability of exploitation · percentile 47.2% · 2026-06-19T12:03:05Z
Published: 2026-02-19
Last modified: 2026-04-29

Underlying weaknesses · 2

CWE-119, CWE-125

References

  1. https://github.com/VedantMadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a
  2. https://github.com/oneafter/0128/blob/main/ob2/repro.mol2
  3. https://github.com/openbabel/openbabel/issues/2848
  4. https://github.com/openbabel/openbabel/pull/2862
  5. https://vuldb.com/?ctiid.346651
  6. https://vuldb.com/?id.346651
  7. https://vuldb.com/?submit.754379

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Restriction of Operations within the Bounds of a Memory Buffer (cwe-119) | 0% | live |
| Weakness | Out-of-bounds Read (cwe-125) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-2704
  2. CVE-2026-10114
  3. CVE-2025-2752
  4. CVE-2026-10115
  5. CVE-2026-10113
  6. CVE-2026-42480

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.