CVE-2026-5473 LOW

CVE-2026-5473: NASA cFS Pickle pickle.load deserialization

Vendor Nasa

Product cFS

Weakness CWE-502 · Unsafe deserialization

Published April 3, 2026

Last update April 6, 2026

View on NVD All CVEs

CVSS base score

2.0/10

Attack vector Local

Attack complexity High

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to be performed locally. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Key dates

02Disclosure timeline

April 3, 2026 CVE published

April 6, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-5473 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

CVE-2026-5473: NASA cFS Pickle pickle.load deserialization

01Description

02Disclosure timeline

03References

04Related CVE