CVE Catalog

CVE-2026-0127

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

In the NrmmMsgCodec::DecodeUPUTransparentContext function of cn_NrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communication processor crash with no additional execution privileges needed.

Risk Assessment

This vulnerability may lead to a crash of the communication system, potentially disrupting services within the organization. The lack of user interaction required increases the risk of remote exploitation.

Recommendation

It is recommended to update the software to the latest version to mitigate this vulnerability and to monitor systems for potential attack attempts.

Original NVD description (English source)

In NrmmMsgCodec::DecodeUPUTransparentContext of cn_NrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communication processor crash with no additional execution privileges needed. User interaction is not needed for exploitation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS