← back
CVE-2026-56790

CANBoat - Off-by-One Global Buffer Overflow in searchForPgn()

CVSS 7 HIGHEPSS 0.2%CWE-193
Vexday Risk Score
41Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 7EPSS 0.2%KEV nãoPoC públicaNuclei Metasploit Patch referenciado
Lifecycle
25 Jun 2026Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn() function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or N2K-over-IP to trigger an out-of-bounds array access and denial of service.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
canboat · canboat
public PoCs found1
cve_referencegithub.com/canboat/canboat/issues/644unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/canboat/canboat/commit/a5a22b74b9ac5688019cba62669df08562cebd6fhttps://github.com/canboat/canboat/issues/644https://github.com/canboat/canboat/pull/649https://www.vulncheck.com/advisories/canboat-off-by-one-global-buffer-overflow-in-searchforpgn