
CVE-2026-22026

Severity: High · Public PoC

Published: 10 January 2026
Modified: 16 January 2026
KEV Added: not listed
Patch: available (CryptoLib 1.4.3)
CVSS Score (v4): 8.2
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0054 (41.1th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-22026 is a high-severity Memory Allocation with Excessive Size Value (CWE-789) vulnerability in NASA CryptoLib. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 41.1th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST SP 800-53 SC-5 (Denial-of-Service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2026-22026 affects CryptoLib, a software-only library implementing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) for securing communications between spacecraft running NASA's core Flight System (cFS) and ground stations. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client suffers from unbounded memory growth: it reallocates the response buffer on every received chunk without any size limit or overflow check, which maps to CWE-789 (Uncontrolled Memory Allocation). The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), reflecting its potential for high-impact availability disruption.

A remote attacker positioned as a malicious KMC server can exploit this issue by crafting and returning arbitrarily large HTTP responses to a vulnerable client. No privileges, user interaction, or special conditions are required, enabling exploitation over the network with low complexity. Successful attacks force the client process to allocate excessive memory, leading to denial-of-service via out-of-memory termination by the operating system.

NASA's GitHub security advisory (GHSA-w9cm-q69w-34x7), release notes for v1.4.3, and the patching commit (2372efd3da1ccb226b4297222e25f41ecc84821d) confirm the issue is fully addressed in CryptoLib version 1.4.3, recommending immediate upgrades for affected deployments.
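The defensive pattern the analysis above calls for, as an added example in C that is not CryptoLib's or libcurl's own code: a libcurl-style write callback that refuses to grow the response buffer past a fixed cap and checks both the size*nmemb multiplication and the running total for overflow, so an oversized reply aborts the transfer instead of exhausting memory. The response_buf struct, the 64 KiB cap and the simulate_transfer harness are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical body accumulator (not CryptoLib's own struct). */
typedef struct {
    char  *data;    /* heap buffer holding the body received so far */
    size_t len;     /* bytes currently stored in data */
    size_t max_len; /* hard cap on the accumulated body */
} response_buf;
/* Constructed cap: a key-management reply is small, so anything past
 * 64 KiB is treated as hostile or broken. */
#define RESPONSE_MAX_BYTES (64u * 1024u)

/* Same signature as a libcurl CURLOPT_WRITEFUNCTION callback. Returning
 * anything other than size*nmemb makes libcurl abort the transfer with
 * CURLE_WRITE_ERROR instead of delivering more data. The unbounded variant
 * this CVE describes simply realloc()s len + realsize on every call. */
size_t bounded_write_callback(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    response_buf *buf = (response_buf *)userdata;
    if (size != 0 && nmemb > SIZE_MAX / size) return 0; /* size*nmemb wraps */
    size_t realsize = size * nmemb;
    /* Cap check written so that len + realsize cannot overflow either. */
    if (realsize > buf->max_len || buf->len > buf->max_len - realsize) return 0;
    char *grown = realloc(buf->data, buf->len + realsize + 1); /* +1 for NUL */
    if (grown == NULL) return 0; /* buf->data is still valid; caller frees it */
    buf->data = grown;
    memcpy(buf->data + buf->len, ptr, realsize);
    buf->len += realsize;
    buf->data[buf->len] = '\0';
    return realsize;
}

/* Stand-in for libcurl: feeds `chunks` constructed chunks of `chunk_len`
 * bytes and stops, as libcurl would, when the callback refuses one.
 * Returns the number of chunks accepted. */
size_t simulate_transfer(response_buf *buf, size_t chunk_len, size_t chunks)
{
    char *chunk = malloc(chunk_len);
    if (chunk == NULL) return 0;
    memset(chunk, 'A', chunk_len);
    size_t accepted = 0;
    while (accepted < chunks &&
           bounded_write_callback(chunk, 1, chunk_len, buf) == chunk_len)
        accepted++;
    free(chunk);
    return accepted;
}
```

Whatever cap is chosen, the client must also treat the callback's refusal (libcurl reports it as CURLE_WRITE_ERROR) as a failed key-management request rather than retrying with a larger buffer.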

Vulnerability details

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, forcing the client to allocate excessive memory until the process is terminated by the OS. This issue has been patched in version 1.4.3.

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability enables remote exploitation of uncontrolled memory allocation in the client to force OOM termination, which maps directly to Application or System Exploitation for endpoint denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-29910 (same product: NASA CryptoLib)
CVE-2026-21898 (same product: NASA CryptoLib)
CVE-2026-22023 (same product: NASA CryptoLib)
CVE-2025-29911 (same product: NASA CryptoLib)
CVE-2025-54878 (same product: NASA CryptoLib)
CVE-2025-30216 (same product: NASA CryptoLib)
CVE-2025-29909 (same product: NASA CryptoLib)
CVE-2026-21897 (same product: NASA CryptoLib)
CVE-2026-22697 (same product: NASA CryptoLib)
CVE-2025-29912 (same product: NASA CryptoLib)

Affected Assets

nasa cryptolib: ≤ 1.4.3

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: Requires validation of HTTP response inputs to the libcurl write_callback, preventing unbounded memory allocation from arbitrarily large responses.

prevent: Directly protects against denial-of-service attacks exploiting unbounded memory growth via oversized network responses from a malicious KMC server.

prevent: Ensures availability of critical memory resources by establishing allocation limits and protections against exhaustion from uncontrolled reallocations.
