Cyber Resilience

CVE-2026-8047

High

Published: 26 May 2026

Published
26 May 2026
Modified
26 May 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0044 35.6th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-8047 is a high-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability in Certvde (inferred from references). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 35.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Unauthenticated remote HTTP request parsing flaw enables exploitation of public-facing apps (T1190) to trigger application/system crash for DoS (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-1092Shared CWE-1284
CVE-2023-54337Shared CWE-1284
CVE-2025-14513Shared CWE-1284
CVE-2025-55398Shared CWE-1284
CVE-2026-3381Shared CWE-1284
CVE-2026-27384Shared CWE-1284
CVE-2021-47824Shared CWE-1284
CVE-2026-44826Shared CWE-1284
CVE-2021-47831Shared CWE-1284
CVE-2021-47827Shared CWE-1284

Affected Assets

Certvde
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References