CVE-2026-60073
Received Received - Intake

Out-of-Bounds Read in Productivity Suite

Vulnerability report for CVE-2026-60073, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: ICS-CERT

Description

An out-of-bounds read in the Productivity Suite allows a physical attacker to control the length of data sent to a USB device. This can lead to a system crash or disclosure of kernel memory.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an out-of-bounds read in the Productivity Suite that allows a physical attacker to control the length of data sent to a USB device. This can cause a system crash or expose kernel memory.

Detection Guidance

This vulnerability involves an out-of-bounds read in a Productivity Suite that could be triggered by a physical attacker manipulating USB device data. Detection may require monitoring USB device interactions and kernel memory access patterns. No specific commands are provided in the available context.

Impact Analysis

An attacker could exploit this to crash your system or access sensitive kernel memory, potentially leading to unauthorized data access or denial of service.

Compliance Impact

This vulnerability could potentially impact compliance with GDPR and HIPAA by enabling unauthorized access to kernel memory, which may expose sensitive data. An out-of-bounds read could lead to information disclosure, violating confidentiality requirements under these regulations.

Mitigation Strategies

Disable or restrict physical USB access to systems running the Productivity Suite. Update the affected software to the latest patched version if available. Monitor system logs for unusual USB device interactions or crashes.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-60073. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart