CVE-2026-6069

HighPublic PoC

Published: 10 April 2026

Published

10 April 2026

Modified

16 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0001 3.1th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-6069 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Nasm Netwide Assembler. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 3.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the stack-based buffer overflow in NASM's disasm() function through timely flaw identification, patching, and deployment.

SI-16 Memory Protection good match

prevent

Implements memory protections like stack canaries, ASLR, and DEP to detect and prevent successful exploitation of the out-of-bounds write.

SI-10 Information Input Validation partial match

prevent

Validates inputs and parameters such as slen prior to disassembly processing to prevent exceeding buffer capacities.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

The stack-based buffer overflow in NASM's disasm() function enables remote exploitation resulting in memory corruption and application crashes or denial of service (high availability impact only), directly facilitating T1499.004 Endpoint Denial of Service via Application or System Exploitation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity.

Deeper analysisAI

CVE-2026-6069, published on 2026-04-10, is a stack-based buffer overflow vulnerability in the disasm() function of NASM, the Netwide Assembler. The issue arises during formatting of disassembly output, enabling an attacker-triggered out-of-bounds write when the slen parameter exceeds the allocated buffer capacity. It is associated with CWE-787 (Out-of-bounds Write) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

The vulnerability is exploitable remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Exploitation triggers memory corruption via the out-of-bounds write, resulting in high availability impact such as application crashes or denial of service, without compromising confidentiality or integrity.

Mitigation details and further discussion are available in the NASM GitHub issue at https://github.com/netwide-assembler/nasm/issues/217.