CVE-2026-15274
Deferred Deferred - Pending Action

Denial of Service in lo48576 fbxcel

Vulnerability report for CVE-2026-15274, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-10

Assigner: VulDB

Description

A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the file src/pull_parser/v7400/parser.rs of the component Node Header Handler. The manipulation results in denial of service. The attack must be initiated from a local position. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-10
Generated
2026-07-11
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
lo48576 fbxcel to 0.9.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the lo48576 fbxcel software up to version 0.9.0, specifically in the file src/pull_parser/v7400/parser.rs within the Node Header Handler component. It allows an attacker with local access to manipulate the system in a way that causes a denial of service.

Impact Analysis

The impact of this vulnerability is a denial of service, meaning that the affected software or system could become unavailable or unresponsive when exploited by an attacker with local access.

Detection Guidance

This vulnerability involves processing malformed FBX files with large or malformed length prefixes that cause denial of service via memory exhaustion or arithmetic overflow.

Detection can focus on monitoring applications that use the fbxcel library, especially those parsing FBX files locally.

Since the attack must be initiated locally and involves malformed FBX files, you can detect suspicious FBX files by checking for unusually large attribute length fields or monitoring application crashes related to FBX parsing.

No specific commands are provided in the resources, but you might use file inspection or custom scripts to parse FBX files and check for abnormal length prefixes in attributes.

Mitigation Strategies

Immediate mitigation involves avoiding processing untrusted or malformed FBX files locally, as the vulnerability requires local attack initiation.

If you maintain software using the fbxcel library, apply the fix from the pending pull request that replaces unchecked arithmetic with safe checked operations to prevent panics and overflows.

Additionally, implement validation to check length prefixes before allocating memory to prevent excessive or out-of-memory allocations.

Until the fix is accepted and deployed, restrict access to the vulnerable component and monitor for abnormal memory usage or crashes during FBX file processing.

Compliance Impact

The vulnerability results in a denial of service that must be initiated locally and does not impact confidentiality or integrity.

Since the vulnerability does not involve data breach or unauthorized data access, it is unlikely to directly affect compliance with standards such as GDPR or HIPAA, which primarily focus on data protection and privacy.

However, denial of service could indirectly impact availability requirements under some regulations, but given the low severity score and local attack vector, the compliance impact is minimal.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15274. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart