CVE-2026-1763
Buffer Overflow in GE Vernova Enervista UR Setup
Publication date: 2026-02-10
Last updated on: 2026-03-04
Assigner: General Electric (Gas Power)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ge | vernova_enervista | to 8.6 (exc) |
| ge | enervista | to 8.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-35 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in GE Vernova Enervista UR Setup on Windows, specifically affecting version 8.6 and earlier. It has a CVSS v3.1 base score of 4.6, indicating a medium severity issue. The vulnerability requires physical attack vector (AV:P), low attack complexity (AC:L), high privileges (PR:H), no user interaction (UI:N), unchanged scope (S:U), low confidentiality impact (C:L), high integrity impact (I:H), and no availability impact (A:N).
How can this vulnerability impact me? :
The vulnerability can impact the integrity of the affected system, potentially allowing an attacker with high privileges and physical access to cause unauthorized changes. Confidentiality impact is low, and availability is not affected. Because it requires physical access and high privileges, the risk is somewhat limited but could still lead to significant integrity issues.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know