CVE-2026-15352
Received Received - Intake

Segmentation Fault in NASA cFS Health & Safety Application

Vulnerability report for CVE-2026-15352, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: ICS-CERT

Description

A vulnerability exists in the Health & Safety (HS) application of NASA's Core Flight System (cFS). The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-17
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
nasa core_flight_system 7.0.1
nasa hs 7.0.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a flaw in NASA's Core Flight System (cFS) Health & Safety (HS) application. It causes the application to crash via a segmentation fault when processing a routine Housekeeping Telemetry request, resulting in a denial of service.

Detection Guidance

Detecting this vulnerability requires monitoring for crashes in the Health & Safety (HS) application of NASA's Core Flight System (cFS) when processing Housekeeping Telemetry requests. Check system logs for segmentation faults or application crashes during routine telemetry processing. Monitor network traffic for unusual patterns targeting the HS application. Ensure the HS application version is below 7.0.1, as this version is vulnerable.

Impact Analysis

An attacker could exploit this flaw to crash the HS application, causing a denial of service. This would disrupt normal operations of the system relying on cFS, potentially leading to loss of critical functions in aerospace or other safety-related applications.

Compliance Impact

The vulnerability causes a denial-of-service via application crash, which could disrupt critical operations in systems handling sensitive data. This may impact compliance with regulations like GDPR (data availability) or HIPAA (service continuity) if the affected Health & Safety application processes protected health information or personal data.

Mitigation Strategies

Immediately update the Health & Safety (HS) application to version 7.0.1 or later to patch the vulnerability. Isolate control systems behind firewalls and minimize network exposure. Use secure remote access methods like VPNs. Follow additional cybersecurity best practices such as monitoring for unusual activity and applying principle of least privilege.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15352. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart