CVE-2026-56786
Severity CVSS v4.0:
CRITICAL
Type:
CWE-787
Out-of-bounds Write
Publication date:
25/06/2026
Last modified:
26/06/2026
Description
RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream can craft a valid CRC-bearing type-1033 message to corrupt adjacent rtcm_t object members, potentially achieving arbitrary code execution or denial of service.
Impact
Base Score 4.0
9.30
Severity 4.0
CRITICAL
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:rtklib:rtklib:*:*:*:*:*:*:*:* | 2.4.3 (including) |
To consult the complete list of CPE names with products and versions, see this page



