This page lists publicly disclosed CVE vulnerabilities affecting nasa fprime (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-41144 | F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with byteOffset=0xFFFFFF9C and dataSize=100 overflows to 0, bypassing the check entirely. The subsequent file write proceeds at the original ~4GB offset. Additionally, Svc/FileUplink/File.cpp:20-31 performs no sanitizatio | [email protected] | 0.0 | 0.43% | 2026-04-21 | 2026-06-17 |
| CVE-2024-55030 | A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands. | [email protected] | 9.8 | 1.66% | 2025-03-25 | 2026-06-17 |
| CVE-2024-55029 | NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. | [email protected] | 6.1 | 0.27% | 2025-03-25 | 2026-06-17 |
| CVE-2024-55028 | A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file. | [email protected] | 9.8 | 0.68% | 2025-03-25 | 2026-06-17 |