CVE-2026-9038 | THREATINT

Description

A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur, which can lead to execution of unauthorized code with elevated privileges.

PUBLISHED Reserved 2026-05-19 | Published 2026-05-28 | Updated 2026-05-29 | Assigner icscert

HIGH: 8.6CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-121 Stack-based buffer overflow

Product status

Default status

unaffected

Any version before May_22_2026

affected

Credits

Lionel R. Saposnik of SaiFlow reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-26-148-08 government-resource

cve.org (CVE-2026-9038)

nvd.nist.gov (CVE-2026-9038)

Download JSON