PT-2026-30200 · Nasa · Cfs

0Rbitingzer0 · Published 2026-04-03 · Updated 2026-04-30 · CVE-2026-5474

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NASA cFS versions up to 7.0.0

Description

A flaw exists in NASA cFS up to version 7.0.0 within the CCSDS Packet Header Handler component. Specifically, the CFE_MSG_GetSize function in the file apps/to_lab/fsw/src/to_lab_passthru_encode.c is susceptible to a heap-based buffer overflow. Successful exploitation requires local network access. The project was notified of the issue but has not yet responded.

Recommendations

Update to a version newer than 7.0.0.

Fix

Buffer Overflow

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-5474

Affected Products

Cfs