CVE-2026-47311

High · Updated

Published: 19 May 2026

Modified: 02 June 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0029 (20.4th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-47311 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Samsung Escargot. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 20.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Heap buffer overflow in JS engine directly enables client-side code execution via crafted input (T1203) and local privilege escalation (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-47310 · Same product: Samsung Escargot
CVE-2026-8915 · Same product: Samsung Escargot
CVE-2026-47314 · Same product: Samsung Escargot
CVE-2025-20881 · Same vendor: Samsung
CVE-2025-52908 · Same vendor: Samsung
CVE-2025-20890 · Same vendor: Samsung
CVE-2025-49495 · Same vendor: Samsung
CVE-2026-20983 · Same vendor: Samsung
CVE-2026-20970 · Same vendor: Samsung
CVE-2026-20990 · Same vendor: Samsung

Affected Assets

samsung
escargot
2026-05-14

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References