Cyber Resilience

CVE-2026-2644

MediumPublic PoC

Published: 18 February 2026

Published
18 February 2026
Modified
20 February 2026
KEV Added
Patch
CVSS Score v4 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0001 2.0th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2644 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Minisat Minisat. Its CVSS base score is 4.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 2.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).

Deeper analysis

CVE-2026-2644 is an out-of-bounds read vulnerability in niklasso minisat versions up to 2.2.0. The issue resides in the Solver::value function within the core/SolverTypes.h library file, specifically in the DIMACS File Parser component. It is triggered by manipulating the argument variable index with the input value 2147483648, leading to an out-of-bounds read. The vulnerability is associated with CWEs 119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), 125 (Out-of-bounds Read), and 787 (Out-of-bounds Write), and carries a CVSS v3.1 base score of 3.3.

Exploitation requires local access with low privileges (AV:L/AC:L/PR:L), no user interaction (UI:N), and results in unchanged scope (S:U). Attackers can achieve a low-impact denial of service (A:L) with no effects on confidentiality or integrity (C:N/I:N), likely manifesting as a crash or program termination. The attack must be launched locally, and a public exploit is available.

Advisories reference the minisat GitHub repository and issue #55, where the project was informed early via an issue report but has not yet responded or issued patches. VulDB entries (ctiid.346406 and id.346406) document the vulnerability details. No mitigations or patches are currently available from the project.

An exploit has been made publicly available, increasing the risk for local users or systems processing untrusted DIMACS input files with affected minisat versions.

EU & UK References

Vulnerability details

A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation of the argument variable index with the input 2147483648 causes out-of-bounds…

more

read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Out-of-bounds read in local DIMACS parser directly enables application crash/DoS via crafted input file (AV:L), matching T1499.004 Application or System Exploitation; no RCE, priv-esc, or remote vectors indicated.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-2662Shared CWE-119, CWE-125
CVE-2026-3386Shared CWE-119, CWE-125
CVE-2026-2659Shared CWE-119, CWE-125
CVE-2026-27890Shared CWE-119, CWE-787
CVE-2026-2858Shared CWE-119, CWE-125
CVE-2026-3731Shared CWE-119, CWE-125
CVE-2026-3663Shared CWE-119, CWE-125
CVE-2026-5315Shared CWE-119, CWE-125
CVE-2026-5314Shared CWE-119, CWE-125
CVE-2024-13903Shared CWE-119, CWE-787

Affected Assets

minisat
minisat
≤ 2.2.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of DIMACS file inputs (variable indices) to reject out-of-bounds values such as 2147483648 before they reach Solver::value.

prevent

Applies memory-protection mechanisms that can block or contain the out-of-bounds read triggered by the malformed variable index in core/SolverTypes.h.

prevent

Ensures graceful error handling for invalid parser input, preventing the low-impact denial-of-service crash that results from the out-of-bounds read.

References