Vulnerability DatabaseCVE-2026-56790
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-56790
Published:June 25, 2026
Updated:June 29, 2026
CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn() function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or N2K-over-IP to trigger an out-of-bounds array access and denial of service.
Related Resources (4)
https://github.com/canboat/canboat/pull/649
https://github.com/canboat/canboat/issues/644
https://www.vulncheck.com/advisories/canboat-off-by-one-global-buffer-overflow-in-searchforpgn
https://github.com/canboat/canboat/commit/a5a22b74b9ac5688019cba62669df08562cebd6f
Do you need more information?
Contact Us
CVSS v4
Base Score:
7
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Off-by-one Error
CWE-193
EPSS
Base Score:
0.21