CVE-2026-3408 MEDIUM

CVE-2026-3408: Open Babel CDXML File atom.cpp GetExplicitValence null pointer dereference

Vendor N/A
Product Open Babel
Weakness CWE-476
Published March 2, 2026
Last update March 2, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available and might be used. The name of the patch is e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. It is best practice to apply a patch to resolve this issue.

Key dates

02Disclosure timeline

March 2, 2026 CVE published
March 2, 2026 Record updated