CVE-2026-25206 - Vulnerability Details - OpenCVE

Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Samsung Open Source Subscribe	Escargot Subscribe

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Samsung Open Source Subscribe	Escargot Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/Samsung/escargot/pull/1554

History

Mon, 13 Apr 2026 14:30:00 +0000

Type	Values Removed	Values Added
Title		Escargot Resource Leak via Out-of-Bounds Read

Mon, 13 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 13 Apr 2026 13:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Samsung Open Source Samsung Open Source escargot
Vendors & Products		Samsung Open Source Samsung Open Source escargot

Mon, 13 Apr 2026 05:15:00 +0000

Type	Values Removed	Values Added
Description		Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
Weaknesses		CWE-125
References		https://github.com/Samsung/escargot/pull/1554
Metrics		cvssV3_1 `{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published: 2026-04-13T04:44:33.446Z

Updated: 2026-04-13T13:16:57.720Z

Reserved: 2026-01-30T06:07:11.090Z

Link: CVE-2026-25206

Vulnrichment

Updated: 2026-04-13T13:16:54.409Z

NVD

Status : Received

Published: 2026-04-13T05:16:02.540

Modified: 2026-04-13T05:16:02.540

Link: CVE-2026-25206

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:53:08Z

Weaknesses

CWE-125

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25206", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "state": "PUBLISHED", "assignerShortName": "samsung.tv_appliance", "dateReserved": "2026-01-30T06:07:11.090Z", "datePublished": "2026-04-13T04:44:33.446Z", "dateUpdated": "2026-04-13T13:16:57.720Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2026-04-13T05:40:35.061Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds read", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-131", "descriptions": [{"lang": "en", "value": "CAPEC-131 Resource Leak Exposure"}]}], "affected": [{"vendor": "Samsung Open Source", "product": "Escargot", "versions": [{"status": "affected", "version": "97e8115ab1110bc502b4b5e4a0c689a71520d335"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.<p>This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.</p>"}]}], "references": [{"url": "https://github.com/Samsung/escargot/pull/1554"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}}], "credits": [{"lang": "en", "value": "Sebasti\u00e1n Alba Vives / @Sebasteuo", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T13:16:49.823606Z", "id": "CVE-2026-25206", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T13:16:57.720Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25206", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-13T13:16:49.823606Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T13:16:54.409Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Sebasti\u00e1n Alba Vives / @Sebasteuo"}], "impacts": [{"capecId": "CAPEC-131", "descriptions": [{"lang": "en", "value": "CAPEC-131 Resource Leak Exposure"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Samsung Open Source", "product": "Escargot", "versions": [{"status": "affected", "version": "97e8115ab1110bc502b4b5e4a0c689a71520d335"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/Samsung/escargot/pull/1554"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.<p>This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds read"}]}], "providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2026-04-13T05:40:35.061Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25206", "state": "PUBLISHED", "dateUpdated": "2026-04-13T13:16:57.720Z", "dateReserved": "2026-01-30T06:07:11.090Z", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "datePublished": "2026-04-13T04:44:33.446Z", "assignerShortName": "samsung.tv_appliance"}, "dataVersion": "5.2"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "97e8115ab1110bc502b4b5e4a0c689a71520d335"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Escargot", "source": "cna", "vendor": "Samsung Open Source"}, "product": "escargot", "vendor": "samsung_open_source"}], "analysis": {"en": {"generated_at": "2026-04-13T06:51:58.973878+00:00", "value": {"mitigation_remediation": ["Apply the patch committed in the GitHub pull request linked in the advisory, which corrects the out-of-bounds read logic.", "If immediate patching is not possible, isolate or sandbox the Escargot engine to limit the impact of malicious inputs and monitor for abnormal memory access patterns."], "summary": {"action": "Immediate Patch", "impact": "Resource Leak Exposure"}, "threat_synthesis": {"affected_systems": "The flaw resides in Samsung Open Source Escargot and is identified by the commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335. No specific release or version number is enumerated in the advisory, so any revision that contains this commit remains vulnerable until a patch is applied.", "description_and_impact": "An out-of-bounds read flaw in Samsung Open Source Escargot permits the program to read memory beyond its intended boundary, exposing internal data structures and heap contents. Classified as CWE\u2011125, the vulnerability can disclose sensitive information without causing a crash or altering program state. It becomes exploitable when Escargot processes malformed inputs, enabling the reading of unintended memory regions.", "risk_and_exploitability": "The CVSS score of 6.7 indicates moderate severity, suggesting that an attacker can gain partial data disclosure but lacks the capability for remote code execution. The EPSS score is unavailable and the vulnerability has not been listed in the CISA KEV catalog, implying no confirmed public exploits are known. Exfiltration of data would likely be limited to environments where the Escargot engine is exposed to untrusted input; the vulnerability requires crafted input to trigger the out-of-bounds read."}}}}, "created": "2026-04-13T12:37:21.258569+00:00", "title": "Escargot Resource Leak via Out-of-Bounds Read", "updated": "2026-04-13T12:53:08.895376+00:00", "vendors": ["samsung_open_source", "samsung_open_source$PRODUCT$escargot"]}