CVE-2026-2704

Name of the Vulnerable Software and Affected Versions Open Babel versions prior to 3.1.2

Description A security issue exists in Open Babel up to version 3.1.1. The issue involves an out-of-bounds read within the OpenBabel::transform3d::DescribeAsString function located in the src/math/transform3d.cpp file, specifically within the CIF File Handler component. This issue is remotely exploitable and has been publicly disclosed. The project was notified of the problem but has not yet responded.

Recommendations Update to version 3.1.2 or later. As a temporary workaround, consider restricting access to the CIF File Handler component to minimize the risk of exploitation.