CVE-2026-56788
MediumCVSS 4.4Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
RTKLIB through version 2.4.3 contains an out-of-bounds read vulnerability in the getcodepri function when processing unrecognized RINEX observation codes. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.
Risk Assessment
An attacker can exploit this vulnerability to cause a denial of service (DoS) by providing a malicious RINEX file, potentially disrupting systems using RTKLIB. Additionally, there is a risk of leaking sensitive data from memory.
Recommendation
It is recommended to update RTKLIB to the latest version that fixes this vulnerability. If an update is not possible, avoid processing untrusted RINEX files.
Original NVD description (English source)
RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.

