CVE-2026-30364

High

Published: 15 April 2026

Published

15 April 2026

Modified

17 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0005 16.3th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-30364 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 16.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

SI-2 requires identifying, reporting, and correcting software flaws like this stack overflow vulnerability through timely patching.

SI-16 Memory Protection good match

prevent

SI-16 implements memory protection mechanisms such as stack canaries and non-executable stacks that directly mitigate stack overflow exploits.

SI-10 Information Input Validation partial match

prevent

SI-10 enforces input validation to prevent malformed network inputs from triggering the stack overflow in Thread1.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Stack overflow in network-accessible Thread1 function allows unauthenticated remote crash, directly enabling Endpoint Denial of Service via application exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function.

Deeper analysisAI

CVE-2026-30364, published on 2026-04-15, is a stack overflow vulnerability (CWE-121) in the "Thread1" function of CentSDR at commit e40795. This affects the CentSDR software, a project likely related to software-defined radio applications, with a CVSS v3.1 base score of 7.5 rated as High.

The vulnerability enables remote attackers with network access to exploit it with low complexity, requiring no privileges, no user interaction, and resulting in unchanged scope. Successful exploitation leads to high-impact availability disruption (A:H), specifically denial of service through stack overflow-induced crashes, while causing no impact to confidentiality or integrity.

For mitigation guidance, refer to the provided advisories: a GitHub issue at https://github.com/ttrftech/CentSDR/issues/15 and a Gist detailing the issue at https://gist.github.com/k6dpvrmm8z-glitch/1687ad1d9fc1af696efa9f603c1006be.

Details

CWE(s): CWE-121

CVEs Like This One

CVE-2025-50659Shared CWE-121

CVE-2026-36837Shared CWE-121

CVE-2024-52924Shared CWE-121

CVE-2025-63658Shared CWE-121

CVE-2025-70307Shared CWE-121

CVE-2025-70304Shared CWE-121

CVE-2025-70252Shared CWE-121

CVE-2026-25833Shared CWE-121

CVE-2025-57085Shared CWE-121

CVE-2025-71020Shared CWE-121

References

https://gist.github.com/k6dpvrmm8z-glitch/1687ad1d9fc1af696efa9f603c1006be
cve@mitre.org
https://github.com/ttrftech/CentSDR/issues/15
cve@mitre.org