CVE-2026-50593

HIGH 7.3

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

2th

Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range.

CWE	CWE-191
Vendor	graphite project
Product	graphite
Published	Jun 5, 2026
Last Updated	Jun 5, 2026

Stay Ahead of the Next One

Get instant alerts for graphite project graphite

Be the first to know when new high vulnerabilities affecting graphite project graphite are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

Affected Versions

Graphite project / Graphite

0 < 1.3.15

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/silnrsi/graphite/commit/ad78c6b7319909e1540c1b134e115ced03417866 github.com: https://github.com/silnrsi/graphite/compare/1.3.14...1.3.15