CVE-2026-37537 - Vulnerability Analysis
High | CVSS: 8.1 | Last Updated: May 1, 2026
collin80 Open-SAE-J1939 - Integer Overflow
Published: May 1, 2026 | Updated: May 1, 2026
Overview
collin80/Open-SAE-J1939 contains an integer underflow in its Transport Protocol Data Transfer handling, caused by subtracting 1 from a sequence number. An attacker can use it to cause an out-of-bounds write. Exploitation requires a crafted CAN frame with sequence number 0.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Attackers can cause out-of-bounds write, potentially leading to memory corruption or denial of service.
Mitigation
Update to the latest version including the fix for integer underflow in Transport Protocol Data Transfer handling.
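The bounds check a TP.DT receiver needs for the sequence-number-0 case described in the Overview, as an added illustration. This is not code from Open-SAE-J1939 or from its fix; the `tp_session` struct, the `tp_dt_store` function and the buffer layout are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

#define TP_DT_PAYLOAD 7u      /* data bytes carried by one TP.DT frame */
#define TP_MAX_BYTES  1785u   /* 255 packets * 7 bytes, the J1939 TP maximum */

/* Hypothetical reassembly session; names are illustrative, not the project's. */
struct tp_session {
    uint16_t total_bytes;     /* message size announced in TP.CM */
    uint8_t  total_packets;   /* packet count announced in TP.CM */
    uint8_t  data[TP_MAX_BYTES];
};

/* Copy one TP.DT frame into the session buffer.
 * frame[0] is the sequence number (valid range 1..total_packets),
 * frame[1..7] is payload. Returns bytes stored, or -1 if rejected. */
int tp_dt_store(struct tp_session *s, const uint8_t frame[8])
{
    uint8_t seq = frame[0];

    /* Sequence number 0 makes (seq - 1) negative, or wraps it to a large
     * value if kept unsigned; either way the offset leaves data[]. */
    if (seq == 0 || seq > s->total_packets)
        return -1;
    if (s->total_bytes > TP_MAX_BYTES)
        return -1;

    size_t offset = (size_t)(seq - 1u) * TP_DT_PAYLOAD;
    if (offset >= s->total_bytes)
        return -1;

    /* The last packet may carry fewer than 7 meaningful bytes. */
    size_t n = s->total_bytes - offset;
    if (n > TP_DT_PAYLOAD)
        n = TP_DT_PAYLOAD;

    memcpy(&s->data[offset], &frame[1], n);
    return (int)n;
}
```

The check runs before any offset arithmetic, so a rejected frame never touches the buffer.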
Details
- CVE ID: CVE-2026-37537
- Severity: High
- CVSS Score: 8.1
- Type: integer_overflow
- Status: new
CVSS Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H