CVE-2026-42467
Deferred Deferred - Pending Action
Denial of Service in Open-SAE-J1939 via J1939 Bus

Publication date: 2026-05-01

Last updated on: 2026-05-05

Assigner: MITRE

Description
An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Binary_Data_Transfer_DM16 causing a denial of service via crafted CAN frame on the J1939 bus.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-14
NVD
CVE-2026-42467
EUVD
EUVD-2026-26695
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
open-sae j1939 From b6caf884df46435e539b1ecbf92b6c29b345bdfe (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Open-SAE-J1939 software, specifically in the function SAE_J1939_Read_Binary_Data_Transfer_DM16. It can be triggered by sending a specially crafted CAN frame on the J1939 bus, which causes a denial of service condition.

Impact Analysis

The impact of this vulnerability is a denial of service, meaning that the affected system or component may become unresponsive or fail to operate correctly when exposed to a crafted CAN frame on the J1939 bus.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability can be detected by monitoring for crafted CAN frames on the J1939 bus that cause abnormal behavior or denial of service in the Open-SAE-J1939 library. Detection involves inspecting CAN traffic for malformed or suspicious frames that trigger buffer overflow conditions.

Specific commands are not provided in the available resources, but generally, you can use CAN bus monitoring tools such as candump or can-utils to capture and analyze CAN frames. For example, running 'candump can0' on a Linux system with CAN interface can help capture CAN frames for manual inspection.

Additionally, you may implement custom scripts or tools to parse captured CAN frames and check for abnormal frame sizes or unexpected data patterns that could indicate exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include filtering or blocking malformed CAN frames on the J1939 bus to prevent crafted frames from reaching vulnerable Open-SAE-J1939 components.

Applying patches or updates to the Open-SAE-J1939 library that fix the buffer overflow vulnerability is critical once they become available.

In the meantime, restricting access to the CAN bus to trusted devices and monitoring for unusual CAN traffic patterns can reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42467. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart