CVE-2026-30364
Published: 15 April 2026
Summary
CVE-2026-30364 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 18.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-30364, published on 2026-04-15, is a stack overflow vulnerability (CWE-121) in the "Thread1" function of CentSDR at commit e40795. This affects the CentSDR software, a project likely related to software-defined radio applications, with a CVSS v3.1 base score of 7.5 rated as High.
The vulnerability enables remote attackers with network access to exploit it with low complexity, requiring no privileges, no user interaction, and resulting in unchanged scope. Successful exploitation leads to high-impact availability disruption (A:H), specifically denial of service through stack overflow-induced crashes, while causing no impact to confidentiality or integrity.
For mitigation guidance, refer to the provided advisories: a GitHub issue at https://github.com/ttrftech/CentSDR/issues/15 and a Gist detailing the issue at https://gist.github.com/k6dpvrmm8z-glitch/1687ad1d9fc1af696efa9f603c1006be.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-22937
Vulnerability details
CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack overflow in network-accessible Thread1 function allows unauthenticated remote crash, directly enabling Endpoint Denial of Service via application exploitation (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-2 requires identifying, reporting, and correcting software flaws like this stack overflow vulnerability through timely patching.
SI-16 implements memory protection mechanisms such as stack canaries and non-executable stacks that directly mitigate stack overflow exploits.
SI-10 enforces input validation to prevent malformed network inputs from triggering the stack overflow in Thread1.