CVE Catalog

CVE-2026-14605

High · CVSS 7.8

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

A vulnerability was found in RT-Thread up to version 5.0.2 in the recvmsg function of the ls1c_can.h file within the ls1c CAN Handler component. This issue leads to a stack-based buffer overflow, potentially allowing a local attacker to execute code or crash the system. The exploit is publicly available, and the vendor did not respond to the disclosure.

Risk Assessment

The organization is at risk from local attacks that could lead to system compromise or denial of service, especially in environments with local access to RT-Thread devices.

Recommendation

Immediately apply a patch or upgrade to a version above 5.0.2 if one is available. If no update is available, restrict local access to the system and monitor for unusual behavior.

Original NVD description (English source)

A vulnerability was identified in RT-Thread up to 5.0.2. Affected by this vulnerability is the function recvmsg in the library bsp/loongson/ls1cdev/libraries/ls1c_can.h of the component ls1c CAN Handler. Such manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS