CWE-617— Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.— MITRE CWE catalog
723 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-617page 15 of 15
- CVE-2026-47146MEDIUMCVSS 6.5EG 6.52026-06-25
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster…
- CVE-2026-48852LOWCVSS 3.7EG 3.72026-05-25
PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification.
- CVE-2026-50721MEDIUMCVSS 5.9EG 8.12026-07-02
Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remot…
- CVE-2026-50722MEDIUMCVSS 5.9EG 8.12026-07-02
Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can us…
- CVE-2026-5170MEDIUMCVSS 5.3EG 5.32026-03-30
A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This…
- CVE-2026-52718MEDIUMCVSS 6.5EG 6.52026-06-15
A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchroniz…
- CVE-2026-53169MEDIUMCVSS 5.5EG 5.52026-06-25
In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject NPU_OP_RESIZE commands from userspace NPU_OP_RESIZE is a U85-only command that the driver does not yet implement. The existing WARN_ON(1) placeholde…
- CVE-2026-53285MEDIUMCVSS 5.5EG 5.52026-06-26
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED [Why] dcn32_validate_bandwidth() wraps dcn32_internal_validate_bw() with DC_FP_STA…
- CVE-2026-53292MEDIUMCVSS 5.5EG 5.52026-06-26
In the Linux kernel, the following vulnerability has been resolved: net: phonet: do not BUG_ON() in pn_socket_autobind() on failed bind syzbot reported a kernel BUG triggered from pn_socket_sendmsg() via pn_socket_autobind(): kernel B…
- CVE-2026-53319MEDIUMCVSS 5.5EG 5.52026-06-26
In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default() wbt_init_enable_default() uses WARN_ON_ONCE to check for failures from wbt_alloc() and wbt_init(). However, b…
- CVE-2026-55514MEDIUMCVSS 6.5EG 6.52026-07-06
vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting d…
- CVE-2026-58307MEDIUMCVSS 6.1EG 6.12026-07-09
Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c.
- CVE-2026-5946HIGHCVSS 7.5EG 7.52026-05-20
Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question sec…
- CVE-2026-8257LOWCVSS 3.3EG 3.32026-05-11
A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable asser…
- CVE-2026-8843MEDIUMCVSS 6.5EG 6.52026-05-18
Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryabl…
- CVE-2026-8852MEDIUMCVSS 6.2EG 6.22026-05-26
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module.
- CVE-2026-9501LOWCVSS 3.3EG 3.32026-05-25
A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipulation can lead to reachable assertion. T…
- CVE-2026-9718MEDIUMCVSS 6.5EG 6.52026-06-25
CWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigger a denial-of-service condition, impacting system availability when a specially crafted request is sent to a vulnerable network-exposed se…
- CVE-2026-9746MEDIUMCVSS 6.5EG 6.52026-06-09
When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement.
- CVE-2026-9747MEDIUMCVSS 6.5EG 6.52026-06-09
Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server.
- CVE-2026-9748MEDIUMCVSS 6.5EG 6.52026-06-09
The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal sign…
- CVE-2026-9749MEDIUMCVSS 6.5EG 6.52026-06-09
This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buf…
- CVE-2026-9750MEDIUMCVSS 6.5EG 6.52026-06-09
An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-contr…
Map vulnerabilities like CWE-617 to your infrastructure
EchelonGraph correlates every CVE — across CWE-617 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →