CVE-2026-5473
Deserialization Vulnerability in NASA cFS Pickle Module
Publication date: 2026-04-03
Last updated on: 2026-04-30
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nasa | core_flight_system | to 7.0.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5473 is a vulnerability in NASA's Core Flight System (cFS) Ground System related to the unsafe use of Python's pickle.load() function. The vulnerability arises because the system deserializes command and parameter definition files using pickle.load() without verifying their integrity. Since Python's pickle module can execute arbitrary code during deserialization, an attacker who can modify these .pickle files can execute arbitrary operating system commands when the operator opens the corresponding command page in the Ground System GUI.
The attack requires local access and is complex to perform, but once exploited, it allows arbitrary code execution on the operator's workstation. The vulnerability exists in multiple files within the cFS-GroundSystem codebase where pickle.load() is used unsafely.
How can this vulnerability impact me? :
This vulnerability can lead to arbitrary code execution on the operator's workstation running the cFS Ground System. Since the operator's workstation typically has network access to mission-critical systems, an attacker exploiting this vulnerability could compromise the ground station environment.
Such a compromise could allow attackers to execute malicious commands, potentially disrupting mission operations, stealing sensitive data, or launching further attacks within the network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unsafe use of Python's pickle.load() function in the cFS-GroundSystem, specifically loading .pickle files from CommandFiles/ or ParameterFiles/ directories without integrity verification.
To detect this vulnerability on your system, you can check for the presence of pickle.load() calls in the following files and lines within the cFS-GroundSystem source code:
- tools/cFS-GroundSystem/Subsystems/cmdGui/UdpCommands.py (lines 68-69, 177-178)
- tools/cFS-GroundSystem/Subsystems/cmdGui/CommandSystem.py (lines 71-72)
- tools/cFS-GroundSystem/Subsystems/cmdGui/Parameter.py (lines 130-132)
You can use commands like grep to search for pickle.load usage in the codebase, for example:
- grep -nR "pickle.load" tools/cFS-GroundSystem/
Additionally, to detect if malicious pickle files exist in the CommandFiles/ or ParameterFiles/ directories, you can list and inspect files in these directories for unexpected or recently modified .pickle files.
- ls -l tools/cFS-GroundSystem/CommandFiles/
- ls -l tools/cFS-GroundSystem/ParameterFiles/
Since the vulnerability requires local access and the exploit is triggered when the operator opens the corresponding command page in the GUI, monitoring for unusual or unauthorized changes to these pickle files can help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate mitigation is to avoid loading .pickle files without integrity verification, as the pickle module can execute arbitrary code during deserialization.
Specifically, you should:
- Replace the use of Python's pickle.load() with a safe serialization format such as JSON, which does not allow arbitrary code execution.
- Avoid using or opening any untrusted or modified .pickle files in the CommandFiles/ and ParameterFiles/ directories.
- Restrict local access to the system to trusted users only, since the attack requires local execution.
- Monitor and audit changes to the .pickle files in the relevant directories to detect potential tampering.
Long-term mitigation involves updating the cFS-GroundSystem code to remove unsafe pickle.load() calls and replace them with secure deserialization methods.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in NASA cFS involves arbitrary code execution through unsafe deserialization using Python's pickle.load() in the cFS-GroundSystem. This vulnerability could potentially lead to unauthorized access or manipulation of mission-critical systems.
While the provided information does not explicitly mention compliance with standards such as GDPR or HIPAA, the ability for an attacker to execute arbitrary code on operator workstations that have network access to critical systems could pose risks related to data confidentiality, integrity, and availability.
Such risks may impact compliance with regulations that require protection of sensitive data and secure system operations, as unauthorized code execution could lead to data breaches or system compromise.
The recommended mitigation is to replace the insecure pickle deserialization with safer alternatives like JSON and to implement integrity verification, which would help reduce the risk of non-compliance with security requirements in these standards.