CVE-2026-56790

HIGH 7.3

CANBoat - Off-by-One Global Buffer Overflow in searchForPgn()

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn() function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or N2K-over-IP to trigger an out-of-bounds array access and denial of service.

CWE	CWE-193
Vendor	canboat
Product	canboat
Published	Jun 25, 2026

Stay Ahead of the Next One

Get instant alerts for canboat canboat

Be the first to know when new high vulnerabilities affecting canboat canboat are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

Affected Versions

canboat / canboat

0 ≤ 6.22

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/canboat/canboat/issues/644 github.com: https://github.com/canboat/canboat/pull/649 github.com: https://github.com/canboat/canboat/commit/a5a22b74b9ac5688019cba62669df08562cebd6f vulncheck.com: https://www.vulncheck.com/advisories/canboat-off-by-one-global-buffer-overflow-in-searchforpgn

Credits

FuzzingLabs