LeakyCreds

CVE-2026-29648 - Vulnerability Analysis

Severity: High, CVSS: 8.8

Last Updated: April 21, 2026

OpenXiangShan NEMU - Broken Access Control

Published: April 20, 2026
Updated: April 21, 2026
Remote Exploitable

Overview

OpenXiangShan NEMU contains a broken access control flaw caused by improper clearing of mstateen0.ENVCFG when Smstateen is enabled. As a result, less-privileged code can read or write the henvcfg and senvcfg CSRs without raising an exception. Exploitation requires Smstateen to be enabled.

Severity & Score

Severity: High
CVSS Score: 8.8

Impact

Less-privileged code can bypass isolation controls to read or write sensitive CSRs, risking privilege escalation or security boundary bypass.

Mitigation

Update to the latest version with proper mstateen0.ENVCFG handling.

Details

CVE ID: CVE-2026-29648
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: rejected

CWE

  • CWE-269

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H