Home / Vulnerability Intelligence / CVE-2026-29972

CVE-2026-29972 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: May 8, 2026

nanoMODBUS - Buffer Overflow

Published: May 8, 2026Updated: May 8, 2026Remote Exploitable

Overview

nanoMODBUS through v1.22.0 contains a stack-based buffer overflow caused by improper validation of byte_count in recv_read_registers_res(), letting a malicious Modbus TCP server cause buffer overflow and potentially remote code execution, exploit requires a malicious server response.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

A malicious Modbus TCP server can cause buffer overflow leading to potential remote code execution on the client system.

Mitigation

Update nanoMODBUS to a version later than v1.22.0 or the latest available version.

References

https://gist.github.com/dwilliams27/a4e26fe747c8561d608f7549804bd85f
https://github.com/debevv/nanoMODBUS
https://github.com/debevv/nanoMODBUS/blob/master/nanomodbus.c#L580-L615

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-29972
Severity: High
CVSS Score: 8.2
Type: buffer_overflow
Status: new

CWE

CWE-121

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H