CVE-2026-22188

Name of the Vulnerable Software and Affected Versions Panda3D versions up to and including 1.10.16

Description Panda3D deploy-stub contains a denial of service condition resulting from unbounded stack allocation. The deploy-stub executable uses alloca() to allocate argv copy and argv copy2 based on the argc value, which is directly controlled by the attacker, without any validation. Providing a large number of command-line arguments can exhaust stack space and lead to a crash and undefined behavior during Python interpreter initialization.

Recommendations Versions prior to 1.10.16 are not affected. Update to a version later than 1.10.16.