CVE-2026-29643
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-29643
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR addresses may trigger an illegal-instruction exception but fail to reliably transfer control to the configured trap handler (mtvec), causing control-flow disruption and potentially leaving the core in a hung or unrecoverable state. This can be exploited by a local attacker able to execute code on the processor to cause a denial of service and potentially inconsistent architectural state.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
XiangShan 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
XiangShan是中国XiangShan开源的一个开源高性能RISC-V处理器项目。 XiangShan存在安全漏洞,该漏洞源于CSR子系统对异常条件处理不当,可能导致本地攻击者造成拒绝服务或架构状态不一致。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2026-29643
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-29643
请登录查看更多情报信息。
Same Patch Batch · n/a · 2026-04-20 · 21 CVEs total
| CVE-2026-6650 | 4.7 MEDIUM | Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload |
| CVE-2026-6591 | 4.3 MEDIUM | ComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal |
| CVE-2026-6590 | 4.3 MEDIUM | ComfyUI Model Preview Endpoint model_manager.py get_model_preview path traversal |
| CVE-2026-6589 | 4.3 MEDIUM | ComfyUI server.py create_origin_only_middleware cross-site request forgery |
| CVE-2026-6593 | 3.5 LOW | ComfyUI View Endpoint server.py cross site scripting |
| CVE-2026-6592 | 3.5 LOW | ComfyUI userdata Endpoint user_manager.py getuserdata cross site scripting |
| CVE-2026-29642 | XiangShan 安全漏洞 | |
| CVE-2026-29648 | NEMU 安全漏洞 | |
| CVE-2026-29647 | NEMU 安全漏洞 | |
| CVE-2026-29646 | NEMU 安全漏洞 | |
| CVE-2026-30266 | DeepCool DeepCreative 安全漏洞 | |
| CVE-2026-29649 | NEMU 安全漏洞 | |
| CVE-2026-29645 | NEMU 安全漏洞 | |
| CVE-2026-39109 | PHPGurukul Apartment Visitors Management System 安全漏洞 | |
| CVE-2026-39111 | PHPGurukul Apartment Visitors Management System 安全漏洞 | |
| CVE-2026-39110 | PHPGurukul Apartment Visitors Management System 安全漏洞 | |
| CVE-2026-39112 | PHPGurukul Apartment Visitors Management System 安全漏洞 | |
| CVE-2026-26399 | Arduino 安全漏洞 | |
| CVE-2025-66954 | Buffalo LinkStation 安全漏洞 | |
| CVE-2026-30269 | doorman 安全漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2026-29643
No comments yet