CVE-2026-2653
HIGH7.8EPSS 0.01%Published: 2/18/2026Modified: 5/20/2026
Description
A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl_check_normal_vector of the file src/normals.c. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. It looks like this product is not really maintained anymore.
Affected packages (2)
- Debian/admeshfrom 0
- PyPI/admeshfrom 0, < 0.98.6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (8)
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2026-2653
- ADVISORYhttps://vuldb.com/?id.346450
- ADVISORYhttps://vuldb.com/?submit.752596
- EXPLOIThttps://github.com/user-attachments/files/24878279/id.000035.sig.06.src.000550.time.910126.execs.241742.op.havoc.rep.5.zip
- REPORThttps://github.com/admesh/admesh/issues/65
- REPORThttps://github.com/admesh/admesh/issues/65#issuecomment-3804571402
- REPORThttps://vuldb.com/?ctiid.346450
- WEBhttps://github.com/admesh/admesh/