Cyber Resilience

CVE-2026-30364

High

Published: 15 April 2026

Published
15 April 2026
Modified
17 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0006 18.2th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-30364 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 18.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-30364, published on 2026-04-15, is a stack overflow vulnerability (CWE-121) in the "Thread1" function of CentSDR at commit e40795. This affects the CentSDR software, a project likely related to software-defined radio applications, with a CVSS v3.1 base score of 7.5 rated as High.

The vulnerability enables remote attackers with network access to exploit it with low complexity, requiring no privileges, no user interaction, and resulting in unchanged scope. Successful exploitation leads to high-impact availability disruption (A:H), specifically denial of service through stack overflow-induced crashes, while causing no impact to confidentiality or integrity.

For mitigation guidance, refer to the provided advisories: a GitHub issue at https://github.com/ttrftech/CentSDR/issues/15 and a Gist detailing the issue at https://gist.github.com/k6dpvrmm8z-glitch/1687ad1d9fc1af696efa9f603c1006be.

EU & UK References

Vulnerability details

CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Stack overflow in network-accessible Thread1 function allows unauthenticated remote crash, directly enabling Endpoint Denial of Service via application exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2020-37198Shared CWE-121
CVE-2019-25328Shared CWE-121
CVE-2025-1758Shared CWE-121
CVE-2026-36837Shared CWE-121
CVE-2019-25340Shared CWE-121
CVE-2025-50659Shared CWE-121
CVE-2020-37122Shared CWE-121
CVE-2020-37136Shared CWE-121
CVE-2019-25341Shared CWE-121
CVE-2025-70252Shared CWE-121

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires identifying, reporting, and correcting software flaws like this stack overflow vulnerability through timely patching.

prevent

SI-16 implements memory protection mechanisms such as stack canaries and non-executable stacks that directly mitigate stack overflow exploits.

prevent

SI-10 enforces input validation to prevent malformed network inputs from triggering the stack overflow in Thread1.

References