CVE-2026-41144CRITICAL 9.8EPSS p34.1%

CVE-2026-41144CVE-2026-41144

Description

F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with byteOffset=0xFFFFFF9C and dataSize=100 overflows to 0, bypassing the check entirely. The subsequent file write proceeds at the original ~4GB offset. Additionally, Svc/FileUplink/File.cpp:20-31 performs no sanitization on the destination file path. Combined, these allow writing arbitrary data to any file at any offset. The impact is arbitrary file write leading to remote code execution on embedded targets. Note that this is a logic bug. ASAN does not detect it because all memory accesses are within valid buffers — the corruption occurs in file I/O. Version 4.2.0 contains a patch. No known workarounds are available.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.43% probability of exploitation · percentile 34.1% · 2026-06-19T12:03:05Z
Published2026-04-22
Last modified2026-05-21

Underlying weaknesses· 2

CWE-190CWE-787

References

  1. https://github.com/nasa/fprime/commit/cacdd555456bd83ab395b521d56c0330470ea798
  2. https://github.com/nasa/fprime/security/advisories/GHSA-qmvv-rxh4-ccqh

2

TypeTargetConfidenceTier
WeaknessInteger Overflow or Wraparoundcwe-1900%live
WeaknessOut-of-bounds Writecwe-7870%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-5474
CVE
CVE-2026-0037
CVE
CVE-2025-4846
CVE
CVE-2025-4844
CVE
CVE-2025-4792
CVE
CVE-2025-5218
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.