What is the severity of CVE-2026-22026?

CVE-2026-22026 has a CVSS v3 score of 7.5, which is classified as High severity.

Is there an exploit available for CVE-2026-22026?

No known public exploits are currently available for CVE-2026-22026.

Is there a patch available for CVE-2026-22026?

Yes, patches are available for CVE-2026-22026. Check the vendor advisories for update instructions.

CVE-2026-22026 - CVE Details, Severity, and Analysis

CVE-2026-22026 - CVE Details, Severity, and Analysis | Strobes VI

Severity Scores

CVSS v37.5

CVSS v20.0

Priority Score386.0

EPSS Score0.0

High

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

7.5

CVSS

Exploit

Yes

Patch

Low Priority

no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, forcing the client to allocate excessive memory until the process is terminated by the OS. This issue has been patched in version 1.4.3.

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:Local

Privileges Required:Network

User Interaction:Network

Scope:Unchanged

Confidentiality:Network

Integrity:Network

Availability:High

Patch References

Security [email protected]Security [email protected]

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Nasa	Cryptolib