CVE-2026-50593 HIGH

CVE-2026-50593

Vendor Graphite Project
Product Graphite
Weakness CWE-191
Published June 5, 2026
Last update June 5, 2026

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

What the vulnerability does

01Description

Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range.

Key dates

02Disclosure timeline

June 5, 2026 CVE published
June 5, 2026 Record updated