Description

A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on a USB stick, leading to code execution. This can result in a total loss of confidentiality, integrity and availability.

PUBLISHED Reserved 2026-04-15 | Published 2026-05-27 | Updated 2026-05-27 | Assigner CERTVDE




HIGH: 8.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-1287 Improper Validation of Specified Type of Input

Product status

Default status
unaffected

0.0.0 (semver)
affected

Default status
unaffected

0.0.0 (semver)
affected

Default status
unaffected

8.4.4
affected

Default status
unaffected

3.0.2
affected

Default status
unaffected

0.0.0 (semver)
affected

Default status
unaffected

0.0.0 (semver)
affected

Default status
unaffected

8.4.4
affected

Default status
unaffected

3.0.2
affected

Credits

Moritz Abrell from SySS GmbH (finder)

Christian Zäske from SySS GmbH (finder)

References

www.certvde.com/en/advisories/VDE-2026-054/

cve.org (CVE-2026-40851)

nvd.nist.gov (CVE-2026-40851)
