CVE-2026-56788 | RTKLIB through 2.4.3 contains an out-of-bounds read vulnerab… | CVSS 4.4 MEDIUM

Description

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.

Metadata

CVE ID: CVE-2026-56788
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-23 01:24 UTC
Published: 2026-06-25 18:13 UTC
Last updated: 2026-06-25 18:13 UTC
Primary CWE: CWE-125
Out-of-bounds Read
Vendor / Product: tomojitakasu / RTKLIB
Sources: cve.org · NVD

Severity & Metrics

4.4 MEDIUM CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products (1)

Vendor	Product	Platform	Versions
tomojitakasu	RTKLIB	—	0 ≤ 2.4.3

Weakness (CWE)

CWE	Source	Description
CWE-125	cna	Out-of-bounds Read

CVSS scores (2)

Score	Severity	Version	Source	Vector
4.8	MEDIUM	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
4.4	MEDIUM	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

References (2)