Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2026-0849

CVE-2026-0849

LOW3.8

crypto: ATAES132A response length allows stack buffer overflow

Published Mar 14, 2026

Modified Today

Details

Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.

References

https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-ff4p-3ggg-prp6

https://www.cve.org/CVERecord?id=CVE-2026-0849

CVSS Analysis

CVSS v3.1

3.8

Exploitability

Attack Vector

PhysicalAV:P

Attack Complexity

HighAC:H

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

LowI:L

Availability

LowA:L

3.8/CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Weakness Type (CWE)

Memory Safety

Classic Buffer Overflow

Ecosystems

Timeline

PublishedMar 14, 2026

ModifiedMar 14, 2026

CVE-2026-0849 | Mondoo Vulnerability Intelligence