MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-48502 | MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime() can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computed tokenSize includes the extension body length from the wire and is used in a stackalloc operation before the extension length is validated as one of the valid timestamp sizes. A very small payload can claim a large timestamp extension | 8.2 | 0.26% | 2026-06-22 | 2026-06-23 |
| CVE-2026-56411 | xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations. | 6.9 | 0.11% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56410 | xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId. | 6.9 | 0.11% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56409 | xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used. | 6.5 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56408 | libexpat before 2.8.2 has an integer overflow in copyString. | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56407 | libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen. | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56406 | libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse. | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56405 | libexpat before 2.8.2 has an integer overflow in getAttributeId. | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56404 | libexpat before 2.8.2 has an integer overflow in addBinding. | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56403 | libexpat before 2.8.2 has an integer overflow in storeAtts. | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-49346 | libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in `de265_image_get_buffer()` (`libde265/image.cc:128`). The overflow wraps the plane allocation size to a small value (~1 KB), but the subsequent `fill_image()` call computes the real size using `size_t`, writing ~4 GB into the undersized heap buffer. Version 1.1.0 patches the issue. | 7.1 | 0.18% | 2026-06-19 | 2026-06-26 |
| CVE-2026-3196 | An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition. | 5.5 | 0.10% | 2026-06-19 | 2026-06-22 |
| CVE-2026-8805 | Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection management process and triggering improper memory access. | 8.7 | 0.38% | 2026-06-18 | 2026-06-22 |
| CVE-2026-44663 | OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in ht_undo_impl() in src/lib/OpenEXRCore/internal_ht.cpp leads to a heap-buffer overflow when decoding a crafted HTJ2K-compressed EXR file. decode->channels[i].width (int32_t) is multiplied by bytes_per_element in 32-bit signed arithmetic. With large widths (e.g., >= 536870912 for FLOAT data), this overflows, produci | 6.1 | 0.17% | 2026-06-18 | 2026-06-25 |
| CVE-2026-55203 | HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record consumption and allowing malicious FastCGI backends to desynchronize the FCGI framing parser, potentially causing request routing errors, response smuggling, or memory safety issues. | 9.0 | 0.26% | 2026-06-18 | 2026-06-25 |
| CVE-2026-54417 | An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a crafted tar archive. mtar_next() computes the offset to the next record as round_up(h.size, 512) + sizeof(mtar_raw_header_t) using 32-bit arithmetic. When the header size field is a multiple of 512 in the range 0xFFFFFC01-0xFFFFFE00 (e.g. 0xFFFFFE00), the addition wraps to 0, so mtar_next() seeks to the | 8.7 | 0.42% | 2026-06-17 | 2026-06-17 |
| CVE-2026-0161 | In numberOfReportBlocks of RtpSession.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 8.8 | 0.23% | 2026-06-16 | 2026-06-17 |
| CVE-2026-0151 | In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 8.8 | 0.23% | 2026-06-16 | 2026-06-17 |
| CVE-2026-0150 | In ExecuteGraph command handler of EdgeTPU firmware, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with root privileges needed. User interaction is not needed for exploitation. | 7.8 | 0.07% | 2026-06-16 | 2026-06-17 |
| CVE-2026-0148 | In multiple functions of VideoRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 8.8 | 0.27% | 2026-06-16 | 2026-06-17 |