CVE-2026-13592

medium

Description

A vulnerability was detected in liftoff-sr CIPster up to e8e9dba09bf56962807d3504b783ccdb6287f3e4. Affected by this issue is the function BufWriter::append of the component EtherNet IP Message Handler. Performing a manipulation results in out-of-bounds write. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The patch is named 3a0159ed43125dcd024a1965f0289cb186bae9ff. To fix this issue, it is recommended to deploy a patch.

References

https://vuldb.com/vuln/374596/cti

https://vuldb.com/vuln/374596

https://vuldb.com/submit/844566

https://vuldb.com/cve/CVE-2026-13592

https://github.com/user-attachments/files/28452971/poc.zip

https://github.com/liftoff-sr/CIPster/issues/48#issuecomment-4596727632

https://github.com/liftoff-sr/CIPster/issues/48

https://github.com/liftoff-sr/CIPster/commit/3a0159ed43125dcd024a1965f0289cb186bae9ff

https://github.com/liftoff-sr/CIPster/

Details

Source: Mitre, NVD

Published: 2026-06-29

Updated: 2026-06-29

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: High

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium