CVE-2026-37539 | Buffer overflow vulnerability in cannelloni v2.0.0 in CAN fr… | CVSS 9.8 CRITICAL

Description

Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted CAN FD frames.

Metadata

CVE ID: CVE-2026-37539
State: PUBLISHED
Assigner: mitre
Reserved: 2026-04-06 00:00 UTC
Published: 2026-05-01 00:00 UTC
Last updated: 2026-05-01 17:38 UTC
Primary CWE: CWE-121
CWE-121 Stack-based Buffer Overflow
Vendor / Product: n/a / n/a
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
n/a	n/a	—	n/a

Weakness (CWE)

CWE	Source	Description
—	cna	n/a
CWE-121	adp	CWE-121 Stack-based Buffer Overflow

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

References (2)