CWE-121— Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).— MITRE CWE catalog
3,296 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-121page 63 of 66
- CVE-2026-41434LOWCVSS 3.3EG 3.32026-07-06
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.10.0 and prior to version 4.11.0, an unbounded recursio…
- CVE-2026-41509CRITICALCVSS 9.8EG 9.82026-05-08
CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused by an underflow of the integer mlen. This…
- CVE-2026-4156HIGHCVSS 7.5EG 7.52026-04-11
ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV charge…
- CVE-2026-41565HIGHCVSS 7.5EG 7.52026-05-28
CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers. The gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decrypt_verify XS routines copied the caller-s…
- CVE-2026-41681CRITICALCVSS 9.8EG 9.82026-04-24
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes…
- CVE-2026-41927HIGHCVSS 8.3EG 8.32026-05-04
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sen…
- CVE-2026-41956HIGHCVSS 7.5EG 7.52026-05-13
When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are no…
- CVE-2026-41963LOWCVSS 2.8EG 2.82026-05-15
Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-42050MEDIUMCVSS 5.5EG 5.52026-05-11
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a til…
- CVE-2026-42468HIGHCVSS 8.8EG 7.52026-05-01
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_pcap.cpp , the parser's phdr.len field is not properly validated, allowing remote attackers to cause a denial of service or possibly execute ar…
- CVE-2026-42469HIGHCVSS 8.6EG 8.62026-05-01
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_canswitch.cpp the parser does not properly validate a CANswitch DLC value, allowing remote attackers to cause a denial of service or possibly e…
- CVE-2026-42482CRITICALCVSS 9.8EG 9.82026-05-01
A stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in src/rp_cpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or…
- CVE-2026-42485HIGHCVSS 7.5EG 7.52026-05-01
AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PA…
- CVE-2026-42854CRITICALCVSS 9.8EG 9.82026-05-12
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array (VLA) on the stack…
- CVE-2026-42919MEDIUMCVSS 6.7EG 6.72026-05-13
A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrative access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions…
- CVE-2026-42996CRITICALCVSS 10.0EG 10.02026-05-01
JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp.
- CVE-2026-43623HIGHCVSS 8.8EG 8.82026-06-01
microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header() function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminate…
- CVE-2026-43661HIGHCVSS 7.5EG 7.52026-05-11
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory.
- CVE-2026-43718MEDIUMCVSS 6.5EG 6.52026-06-29
A stack overflow was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
- CVE-2026-43958HIGHCVSS 7.8EG 7.82026-06-01
A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service …
- CVE-2026-44048HIGHCVSS 8.8EG 8.82026-05-21
A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service.
- CVE-2026-44056MEDIUMCVSS 6.4EG 6.42026-05-21
A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data.
- CVE-2026-44089CRITICALCVSS 9.4EG 9.42026-06-23
Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attac…
- CVE-2026-44412HIGHCVSS 7.8EG 7.82026-05-12
A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to e…
- CVE-2026-44634HIGHCVSS 8.7EG 8.72026-06-10
SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl b…
- CVE-2026-44815CRITICALCVSS 9.8EG 9.82026-06-09
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
- CVE-2026-44855HIGHCVSS 7.2EG 7.22026-05-12
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative priv…
- CVE-2026-44856HIGHCVSS 7.2EG 7.22026-05-12
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative priv…
- CVE-2026-44857HIGHCVSS 7.2EG 7.22026-05-12
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative priv…
- CVE-2026-44858HIGHCVSS 7.2EG 7.22026-05-12
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative priv…
- CVE-2026-44859HIGHCVSS 7.2EG 7.22026-05-12
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative priv…
- CVE-2026-45250HIGHCVSS 7.8EG 7.82026-05-21
The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first v…
- CVE-2026-45463HIGHCVSS 8.4EG 8.42026-06-09
Integer underflow (wrap or wraparound) in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-45648HIGHCVSS 8.8EG 8.82026-06-09
Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
- CVE-2026-4682HIGHCVSS 8.7EG 8.72026-04-15
Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan i…
- CVE-2026-47318MEDIUMCVSS 6.1EG 6.12026-06-04
Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035.
- CVE-2026-4747HIGHCVSS 8.8EG 8.82026-03-26
Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious clie…
- CVE-2026-47959HIGHCVSS 7.8EG 7.82026-06-09
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue require…
- CVE-2026-48715HIGHCVSS 8.8EG 8.82026-06-19
radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the `radvdump` utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisemen…
- CVE-2026-49014HIGHCVSS 7.8EG 7.42026-05-27
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The…
- CVE-2026-49033HIGHCVSS 7.8EG 7.82026-07-07
The application contains a stack-based buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code.
- CVE-2026-49759HIGHCVSS 8.2EG 8.22026-06-10
Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp_parse_error_chunk function in erts/emulator/drivers/com…
- CVE-2026-49760MEDIUMCVSS 5.5EG 5.52026-06-10
Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erl_interface/src/misc/ei_printterm.c and program routine ei_s_print_term. …
- CVE-2026-49789HIGHCVSS 7.3EG 7.32026-07-14
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally.
- CVE-2026-49943MEDIUMCVSS 6.3EG 6.32026-06-02
CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a-path.c. The as_path_match() function uses a fixed-size stack array of 2048 + 1 pm_pos entri…
- CVE-2026-50031HIGHCVSS 7.5EG 7.52026-06-03
ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large …
- CVE-2026-50256HIGHCVSS 7.8EG 7.82026-06-05
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The serve…
- CVE-2026-50258HIGHCVSS 7.8EG 7.82026-06-05
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMa…
- CVE-2026-50259HIGHCVSS 7.8EG 7.82026-06-05
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a…
- CVE-2026-50304HIGHCVSS 7.5EG 7.52026-07-14
Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network.
Map vulnerabilities like CWE-121 to your infrastructure
EchelonGraph correlates every CVE — across CWE-121 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →