CVE-2026-40851
Published: 27 May 2026
Summary
CVE-2026-40851 is a high-severity Improper Validation of Specified Type of Input (CWE-1287) vulnerability in Certvde (inferred from references). Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Replication Through Removable Media (T1091); ranked at the 3.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-32150
Vulnerability details
A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vuln enables code exec via crafted file on USB, directly facilitating removable media replication and malicious file user execution.
CVEs Like This One
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.