CVE-2026-50593
📛 CVE Title
CVE-2026-50593
Description
Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range.
Overview
- State
- PUBLISHED
- Assigner (CNA)
- mitre
- CVSS severity
- HIGH
- CVSS score
- 7.3 / 10
- CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H- Effective score
- 7.3 / 10 HIGH source: CNA overview
- CWE(s)
-
CWE-191 - Reserved
- 2026-06-05
- Published
- 2026-06-05 02:14 UTC
- Last updated
- 2026-06-05 02:20 UTC
- Source
- https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/50xxx/CVE-2026-50593.json
- Linked Threat
- CVE-2026-50593 — CVE-2026-50593
Affected products (1)
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Graphite project | Graphite |
0 (affected)
|
— |
Remediations (0)
Remediations are stored against the linked Threat row; the list below is deduplicated across both pages.
No remediations stored yet — an automatic web search has been queued to a collection agent. Please wait while we search for remediations… this page reloads automatically when results arrive.
Vendor references (2)
References embedded in the original CVE record by the assigning CNA.
Web references (0)
DuckDuckGo results ranked by threat-intel / vendor advisory domains. Generated by the 🔎 Find references (web) button above — same flow as the Remediations search.
No web references attached yet.
AI Forensic Analysis
Only Available for Registered Users. Sign in to view.
Raw JSON
The full cvelistV5 record. Download as CVE-2026-50593.json.
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Graphite",
"vendor": "Graphite project",
"versions": [
{
"lessThan": "1.3.15",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:graphite_project:graphite:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T02:20:17.663Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/silnrsi/graphite/commit/ad78c6b7319909e1540c1b134e115ced03417866"
},
{
"url": "https://github.com/silnrsi/graphite/compare/1.3.14...1.3.15"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-50593",
"datePublished": "2026-06-05T02:14:33.412Z",
"dateReserved": "2026-06-05T02:14:32.977Z",
"dateUpdated": "2026-06-05T02:20:17.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}