PT-2026-2134 · Cryptolib +1

Enitmar +1

Published: 2026-01-10 · Updated: 2026-01-10

CVE-2026-22026 · CVSS v4.0 8.2 (High)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: CryptoLib versions prior to 1.4.3

Description: CryptoLib implements the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) for secure communication between a spacecraft and a ground station. In versions prior to 1.4.3, the write callback in the KMC crypto service client does not bound the size of the response buffer it reallocates as HTTP data arrives. A malicious KMC server can therefore send an arbitrarily large HTTP response, forcing excessive memory allocation and potentially terminating the process. The affected component is the libcurl write callback the client uses to handle HTTP responses.

Recommendations: Versions prior to 1.4.3 should be updated to version 1.4.3 or later.
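The following is an added illustration of the defect class described above, not CryptoLib's own code: a libcurl-style write callback that grows its buffer by whatever the peer sends, beside a hardened version that enforces a client-chosen upper bound and aborts the transfer when it is reached. The `response_buf` type, the callback names and `simulate_stream` (which stands in for libcurl delivering chunks) are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical response buffer for a libcurl CURLOPT_WRITEFUNCTION callback
 * (modelled on the pattern in the advisory, not CryptoLib's own code). */
typedef struct { char *data; size_t len, cap, max_len; } response_buf;
typedef size_t (*write_cb)(char *, size_t, size_t, void *);

/* Vulnerable pattern: the buffer grows by whatever the peer sends, so a server
 * streaming an unbounded body drives the client's memory use until it dies. */
size_t write_cb_unbounded(char *ptr, size_t size, size_t nmemb, void *userdata) {
    response_buf *b = userdata;
    size_t n = size * nmemb;
    char *p = realloc(b->data, b->len + n + 1);
    if (!p) return 0;                   /* != n makes libcurl abort the transfer */
    b->data = p; memcpy(b->data + b->len, ptr, n); b->len += n; b->data[b->len] = '\0';
    return n;
}

/* Hardened pattern: a client-chosen max_len bounds the body; a chunk that would
 * exceed it is refused, which aborts the transfer with CURLE_WRITE_ERROR. */
size_t write_cb_bounded(char *ptr, size_t size, size_t nmemb, void *userdata) {
    response_buf *b = userdata;
    if (size && nmemb > SIZE_MAX / size) return 0;   /* size*nmemb would overflow */
    size_t n = size * nmemb;
    if (n > b->max_len - b->len) return 0;           /* cap reached: abort */
    if (b->len + n + 1 > b->cap) {                   /* grow amortised, never past cap */
        size_t ncap = b->len + n + 1;
        if (ncap < 2 * b->cap) ncap = 2 * b->cap;
        if (ncap > b->max_len + 1) ncap = b->max_len + 1;
        char *p = realloc(b->data, ncap);
        if (!p) return 0;
        b->data = p; b->cap = ncap;
    }
    memcpy(b->data + b->len, ptr, n); b->len += n; b->data[b->len] = '\0';
    return n;
}

/* Stand-in for libcurl delivering `count` chunks of `chunk` bytes from a server.
 * Returns how many bytes the callback accepted before aborting. */
size_t simulate_stream(write_cb cb, size_t chunk, size_t count, size_t max_len) {
    response_buf b = { NULL, 0, 0, max_len };
    char *payload = calloc(chunk, 1); size_t accepted = 0;
    for (size_t i = 0; i < count && cb(payload, 1, chunk, &b) == chunk; i++)
        accepted += chunk;
    free(payload); free(b.data);
    return accepted;
}
```

libcurl's own CURLOPT_MAXFILESIZE_LARGE only takes effect when the server announces a Content-Length, so a chunked or streamed response still needs the bound inside the callback.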

Related Identifiers

CVE-2026-22026
GHSA-W9CM-Q69W-34X7

Affected Products

Cryptolib
Libcurl