CVE-2026-10703
6.3 MEDIUMA security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0
Published: 2026-06-03 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 6.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-119, CWE-416
Description
A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10703
- [Other]https://github.com/EIPStackGroup/OpENer/
- [Other]https://github.com/EIPStackGroup/OpENer/issues/566
- [Other]https://github.com/user-attachments/files/27100961/poc.zip
- [Other]https://vuldb.com/cve/CVE-2026-10703
- [Other]https://vuldb.com/submit/830921
- [Other]https://vuldb.com/vuln/368016
- [Other]https://vuldb.com/vuln/368016/cti
Related CVEs
Same CWE
- CVE-2026-12035 — Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corrupt...
- CVE-2026-12029 — Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer pr... (8.3 HIGH)
- CVE-2026-12028 — Use after free in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer proc... (8.3 HIGH)
- CVE-2026-12023 — Use after free in GPU in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process ... (8.3 HIGH)
- CVE-2026-12020 — Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corrupti... (8.8 HIGH)