Cyber Resilience

CVE-2026-47314

High · Updated

Published: 19 May 2026

Modified: 02 June 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0029 (20.5th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-47314 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Samsung Escargot. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 20.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

An out-of-bounds write (CWE-787) in a JavaScript engine directly enables memory-corruption exploitation for privilege escalation or client-side code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-8915 · Same product: Samsung Escargot
CVE-2026-47310 · Same product: Samsung Escargot
CVE-2026-47311 · Same product: Samsung Escargot
CVE-2025-20881 · Same vendor: Samsung
CVE-2025-20890 · Same vendor: Samsung
CVE-2025-20888 · Same vendor: Samsung
CVE-2025-20931 · Same vendor: Samsung
CVE-2025-20882 · Same vendor: Samsung
CVE-2025-21042 · Same vendor: Samsung
CVE-2025-20929 · Same vendor: Samsung

Affected Assets

samsung
escargot
2026-05-14

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References