CVE-2026-6839 MEDIUM

CVE-2026-6839

Vendor Samsung Open Source
Product ONE
Weakness CWE-1284
Published April 22, 2026
Last update April 22, 2026

CVSS base score

6.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0.

Key dates

02Disclosure timeline

April 22, 2026 CVE published
April 22, 2026 Record updated