CVE-2026-56788

MEDIUM 4.4

RTKLIB 2.4.3 - Out-of-bounds Read via Negative Array Index in getcodepri

CVSS Score

4.4

EPSS Score

0.0%

EPSS Percentile

0th

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data.

CWE	CWE-125
Vendor	tomojitakasu
Product	rtklib
Published	Jun 25, 2026

Stay Ahead of the Next One

Get instant alerts for tomojitakasu rtklib

Be the first to know when new medium vulnerabilities affecting tomojitakasu rtklib are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

Low

Affected Versions

tomojitakasu / RTKLIB

0 ≤ 2.4.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/tomojitakasu/RTKLIB/issues/797 vulncheck.com: https://www.vulncheck.com/advisories/rtklib-out-of-bounds-read-via-negative-array-index-in-getcodepri

Credits

FuzzingLabs