9.8
CVE-2026-22904
- EPSS 0.18%
- Veröffentlicht 09.02.2026 07:40:00
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
Stack Overflow via Oversized Cookie Fields in lighttpd
Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote code execution.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerWAGO
≫
Produkt
0852-1322
Default Statusunaffected
Version <=
2.64
Version
0.0.0
Status
affected
HerstellerWAGO
≫
Produkt
0852-1328
Default Statusunaffected
Version <=
2.64
Version
0.0.0
Status
affected
HerstellerWAGO
≫
Produkt
0852-1322
Default Statusunaffected
Version
2.64
Status
affected
HerstellerWAGO
≫
Produkt
0852-1328
Default Statusunaffected
Version
2.64
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.388 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).