PT-2026-30197 · Nasa · Cfs+1

0Rbitingzer0 · Published 2026-04-03 · Updated 2026-04-30 · CVE-2026-5473

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NASA cFS versions prior to 7.0.0

Description

A deserialization issue exists in the Pickle Module within the pickle.load() function. This flaw allows for manipulation through local access, although the attack requires a high level of complexity and is considered difficult to execute.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the pickle.load() function in the Pickle Module to minimize the risk of exploitation.
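
One way to apply the workaround above, as an added example that is not from the advisory or the cFS code base: a loader that stands in for pickle.load() and resolves only allow-listed globals. The names RestrictedUnpickler, restricted_load, restricted_loads and is_rejected, the allow-list contents and the sample data are assumptions made for illustration.

```python
import builtins
import collections
import io
import pickle

# Assumption: the loaded data needs only plain containers and scalars plus
# these few builtins. The allow-list is illustrative, not taken from cFS.
ALLOWED_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "complex"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not on the allow-list."""

    def find_class(self, module, name):
        # pickle resolves every GLOBAL/STACK_GLOBAL opcode through find_class,
        # so this is the one place where importable objects can be vetted.
        if (module, name) in ALLOWED_GLOBALS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def restricted_load(fileobj):
    """Replacement for pickle.load() on a binary file object."""
    return RestrictedUnpickler(fileobj).load()


def restricted_loads(data):
    """Replacement for pickle.loads() on a bytes object."""
    return restricted_load(io.BytesIO(data))


def is_rejected(data):
    """Return True when the restricted loader refuses the pickle."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed samples: a plain dict, and an object whose pickle references a
# global outside the allow-list (harmless; it only demonstrates the refusal).
SAMPLE_OK = pickle.dumps({"id": 42, "values": [1, 2.5, "x"], "z": complex(1, 2)})
SAMPLE_DISALLOWED = pickle.dumps(collections.OrderedDict(a=1))
```

Allow-listing narrows which globals a pickle can resolve; where the file's contents can be expressed as plain data, a non-executable format such as JSON removes the need for pickle.load() altogether.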

RCE

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2026-5473

Affected Products

Cfs
Core Flight System