CVE-2026-29795
Published: 06 March 2026
Summary
CVE-2026-29795 is a medium-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in the Stellar stellar-xdr library. Its CVSS base score is 4.0 (Medium).
Operationally, it ranks at the 10.0th percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).
Deeper analysis
CVE-2026-29795 affects the stellar-xdr library and CLI, which provide types and functionality for working with Stellar XDR. Prior to version 25.0.1, the StringM::from_str function fails to validate that input strings do not exceed the declared maximum length (MAX). When calling StringM::<N>::from_str(s) with a string longer than N bytes, the function returns Ok instead of Err(Error::LengthExceedsMax), creating a StringM instance that violates its length invariant. This impacts any code constructing StringM values from string inputs via FromStr (including str::parse) while assuming the maximum length constraint is enforced.
A local attacker with no privileges required can exploit this vulnerability with low complexity and no user interaction. By supplying an oversized string to affected parsing functions, they can generate invalid StringM values. These oversized instances may propagate through serialization, validation, or other logic that relies on the length invariant, potentially leading to integrity violations in dependent applications, as indicated by the CVSS v3.1 score of 4.0 (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) and associated CWE-770.
The issue has been addressed in version 25.0.1 of stellar-xdr. The Stellar security advisory (GHSA-x57h-xx53-v53w), related GitHub issue #499, pull request #500, and patching commit 1f840013c3e2fca0321fb844b048afa01d10dda6 provide details on the fix, recommending an upgrade to the patched version to enforce proper length validation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-10071
Vulnerability details
stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, StringM::from_str does not validate that the input length is within the declared maximum (MAX). Calling StringM::<N>::from_str(s) where s is longer than N bytes succeeds and returns an Ok value instead of Err(Error::LengthExceedsMax), producing a StringM that violates its length invariant. This affects any code that constructs StringM values from string input using FromStr (including str::parse), and relies on the type's maximum length constraint being enforced. An oversized StringM could propagate through serialization, validation, or other logic that assumes the invariant holds. This issue has been patched in version 25.0.1.
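The flaw described in the deeper analysis and the vulnerability details above, as an added illustration that is not stellar-xdr's own code: a simplified StringM-like bounded string with an unchecked constructor standing in for the pre-25.0.1 behaviour (its exact shape is assumed) beside a FromStr implementation that enforces MAX and returns Err(Error::LengthExceedsMax) on oversized input.

```rust
// Added illustration, not stellar-xdr's own code: a simplified StringM-like
// bounded string showing the missing length check and the corrected one.
use std::str::FromStr;

#[derive(Debug, PartialEq)]
pub enum Error {
    LengthExceedsMax,
}

/// A byte string with a declared maximum length of MAX bytes (simplified).
#[derive(Debug, Clone, PartialEq)]
pub struct StringM<const MAX: u32>(Vec<u8>);

impl<const MAX: u32> StringM<MAX> {
    /// Constructor that enforces the invariant; the fixed from_str routes through it.
    pub fn try_from_bytes(bytes: &[u8]) -> Result<Self, Error> {
        if bytes.len() > MAX as usize {
            return Err(Error::LengthExceedsMax);
        }
        Ok(Self(bytes.to_vec()))
    }

    /// Pre-25.0.1 behaviour (assumed shape): copies the bytes without checking MAX,
    /// so an oversized input yields Ok and a value that violates the invariant.
    pub fn from_str_unchecked(s: &str) -> Result<Self, Error> {
        Ok(Self(s.as_bytes().to_vec()))
    }

    pub fn len(&self) -> usize { self.0.len() }

    /// Integrity check a consumer can run after parsing: does the value respect MAX?
    pub fn is_within_max(&self) -> bool { self.0.len() <= MAX as usize }
}

/// Fixed behaviour: FromStr (and therefore str::parse) rejects inputs longer than MAX.
impl<const MAX: u32> FromStr for StringM<MAX> {
    type Err = Error;
    fn from_str(s: &str) -> Result<Self, Error> {
        Self::try_from_bytes(s.as_bytes())
    }
}

fn main() {
    let oversized = "x".repeat(40); // constructed input: 40 bytes against MAX = 32
    let bad = StringM::<32>::from_str_unchecked(&oversized).unwrap();
    println!("unchecked: len={} within_max={}", bad.len(), bad.is_within_max());
    let fixed: Result<StringM<32>, _> = oversized.parse();
    println!("fixed: {:?}", fixed);
}
```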
Related Threats
MITRE ATT&CK Enterprise Techniques: insufficient information to map techniques.
Mitigating Controls (NIST 800-53 r5)
- Directly requires validation of all input strings against length constraints before StringM construction, blocking the exact FromStr bypass described.
- Requires integrity verification of data structures, enabling detection of StringM instances that violate their declared length invariant after parsing.
- Mandates proper error handling so that length-exceeding inputs produce Err rather than silently returning an invalid Ok value.