Cyber Resilience

CVE-2026-42477

High

Published: 01 May 2026

Modified: 10 May 2026
KEV Added: not listed
Patch
CVSS Score (v3.1): 7.1, vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS Score: 0.0001 (2.8th percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-42477 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Opencascade Open Cascade Technology. Its CVSS base score is 7.1 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 2.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-42477 is a heap-based out-of-bounds read vulnerability in the RWObj_Reader::read function of the OBJ file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5. The issue stems from Standard_ReadLineBuffer::ReadLine() returning a 1-byte buffer for a minimal OBJ line, after which RWObj_Reader::read() invokes pushIndices(aLine + 2) without validating the buffer length. This flaw, classified under CWE-125, was published on 2026-05-01.

User-assisted attackers can exploit this vulnerability by persuading victims to open a crafted OBJ file, requiring local access (AV:L), low attack complexity (AC:L), no privileges (PR:N), and user interaction (UI:R). Successful exploitation can lead to denial of service (A:H) or disclosure of sensitive information (C:H), with no integrity impact (I:N) and no scope change (S:U), earning a CVSS v3.1 base score of 7.1.
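The length check the analysis above calls for, written here as an added C++ example that is not OCCT's code: a hypothetical stand-in for ReadLine() hands the parser a (pointer, length) pair, and the face-line reader validates that length before it forms aLine + 2, so a 1-byte line such as "f" is rejected instead of read past. All function and type names are assumptions.

```cpp
#include <cctype>
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical, simplified model of the OBJ face-line path described for
// CVE-2026-42477 (not OCCT's code): ReadLine() is modelled as a (pointer,
// length) pair and the read path checks that length before forming aLine + 2.
struct ObjFace { std::vector<long> indices; };

// Parses one "f v1 v2 v3 ..." line; returns false for a line too short to
// carry indices (such as the 1-byte line "f") instead of reading past it.
static bool readFaceLine(const char* aLine, std::size_t aLen, ObjFace& aFace) {
  // The vulnerable pattern was pushIndices(aLine + 2) with no length check;
  // with aLen == 1 that pointer already lies beyond the buffer.
  if (aLen < 3 || aLine[0] != 'f' || aLine[1] != ' ') return false;
  const char* p = aLine + 2;
  const char* end = aLine + aLen;  // every dereference below requires p < end
  while (p < end) {
    while (p < end && *p == ' ') ++p;
    if (p == end) break;
    if (!std::isdigit(static_cast<unsigned char>(*p))) return false;
    long v = 0;
    for (; p < end && std::isdigit(static_cast<unsigned char>(*p)); ++p)
      v = v * 10 + (*p - '0');
    while (p < end && *p != ' ') ++p;  // skip an optional /vt/vn suffix
    aFace.indices.push_back(v);
  }
  return aFace.indices.size() >= 3;  // a face needs at least three vertices
}

struct ObjStats { std::size_t faces = 0; std::size_t rejected = 0; };
// Walks an in-memory OBJ document line by line (stand-in for ReadLine()) and
// counts accepted and rejected face lines; other record types are ignored.
static ObjStats scanObj(const std::string& aContent) {
  ObjStats s;
  std::size_t pos = 0;
  while (pos < aContent.size()) {
    std::size_t nl = aContent.find('\n', pos);
    if (nl == std::string::npos) nl = aContent.size();
    const char* line = aContent.data() + pos;
    std::size_t len = nl - pos;
    if (len > 0 && line[0] == 'f') {
      ObjFace f;
      if (readFaceLine(line, len, f)) ++s.faces; else ++s.rejected;
    }
    pos = nl + 1;
  }
  return s;
}
```

Feeding scanObj a constructed document containing the lines "f", "f " and "f 4 5" shows all three rejected, while "f 1 2 3" and "f 1/1 2/2 3/3" are accepted.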

Mitigation details are available in the referenced advisory at https://gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94a.

EU & UK References

Vulnerability details

A heap-based out-of-bounds read vulnerability in RWObj_Reader::read in the OBJ file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. The issue occurs because Standard_ReadLineBuffer::ReadLine() can return a 1-byte buffer for a minimal OBJ line, and RWObj_Reader::read() calls pushIndices(aLine + 2) without validating the buffer length.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1204.002 User Execution: Malicious File
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

The vulnerability is triggered by a user opening a crafted malicious OBJ file in an application using the OCCT library, directly enabling exploitation via T1204.002 Malicious File under User Execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-42476: same product (Opencascade Open Cascade Technology)
CVE-2026-42478: same product (Opencascade Open Cascade Technology)
CVE-2026-21490: shared CWE-122, CWE-125
CVE-2026-21488: shared CWE-122, CWE-125
CVE-2026-21494: shared CWE-122, CWE-125
CVE-2026-0956: shared CWE-125
CVE-2026-21324: shared CWE-125
CVE-2026-21322: shared CWE-125
CVE-2026-27284: shared CWE-125
CVE-2025-53131: shared CWE-122

Affected Assets

Vendor: opencascade
Product: open cascade technology
Versions: 8.0.0; ≤ 7.9.3

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly requires validation of OBJ file line buffers before accessing offsets like aLine + 2 to prevent heap-based out-of-bounds reads.

SI-2 Flaw Remediation (prevent): Ensures timely patching of the specific buffer length validation flaw in OCCT's RWObj_Reader OBJ parser.

prevent: Limits sensitive information disclosure by requiring error handling that avoids revealing internal state during out-of-bounds read failures.

References