CVE-2026-10719
Out-of-Bounds Write in openSeaChest via NVMe Device
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: Seagate Technology
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| seagate | openseachest | 25.05.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out of bounds write issue in the openSeaChest software, specifically in the --showSupportedFormats feature of Seagate's openSeaChest version 25.05.3. It occurs on all supported platforms and allows writing one extra byte outside of the allocated memory. This happens when a maliciously crafted NVMe device provides a bogus value in the namespace FLBAS byte, causing the software to set a value to 1 outside its intended memory boundary.
How can this vulnerability impact me? :
The vulnerability allows writing one extra byte outside of allocated memory, which can lead to memory corruption. Although the CVSS base score is low (1.8), indicating limited impact, such memory corruption could potentially cause unexpected behavior, crashes, or data integrity issues when interacting with malicious NVMe devices.