Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

NASA — Vulnerabilities & Security Advisories 34

Browse all 34 CVE security advisories affecting NASA. AI-powered Chinese analysis, POCs, and references for each vulnerability.

NASA operates as the United States’ civilian space agency, managing complex aerospace research, satellite communications, and planetary exploration missions. Its extensive digital infrastructure includes legacy control systems, web-facing public portals, and internal enterprise networks, creating a broad attack surface. Historically, vulnerabilities within its ecosystem have frequently involved remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from outdated software components or misconfigured web applications. While no catastrophic data breaches have publicly compromised critical mission-critical telemetry, the agency has faced scrutiny over data privacy and system integrity. The presence of thirty-four recorded CVEs highlights ongoing challenges in maintaining security across diverse, specialized technical environments. Continuous patching and rigorous access controls remain essential to protect sensitive scientific data and ensure the reliability of critical space operations against evolving cyber threats.

Top products by NASA: CryptoLib cFS openmct CFITSIO fprime
CVE IDTitleCVSSSeverityPublished
CVE-2026-41144 F´ (F Prime) has Integer Overflow in FileUplink — fprimeCWE-190--2026-04-21
CVE-2026-5476 NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow — cFSCWE-190 4.6 Medium2026-04-03
CVE-2026-5475 NASA cFS CCSDS Header Size cfe_sb_priv.c CFE_SB_TransmitMsg memory corruption — cFSCWE-119 5.5 Medium2026-04-03
CVE-2026-5474 NASA cFS CCSDS Packet Header to_lab_passthru_encode.c CFE_MSG_GetSize heap-based overflow — cFSCWE-122 6.3 Medium2026-04-03
CVE-2026-5473 NASA cFS Pickle pickle.load deserialization — cFSCWE-502 4.5 Medium2026-04-03
CVE-2026-22697 CryptoLib Has Heap Buffer Overflow Vulnerability in KMC Base64 Decode Handling (KMC JSON base64ciphertext/base64cleartext) — CryptoLibCWE-122 7.5 High2026-01-10
CVE-2026-22027 CryptoLib Vulnerable to Heap Buffer Overflow in MariaDB SA Hexstring Conversion — CryptoLibCWE-122 9.8 -2026-01-10
CVE-2026-22026 CryptoLib Unbounded Memory Allocation in KMC HTTP Response Handler Allows Resource Exhaustion — CryptoLibCWE-789 7.5 -2026-01-10
CVE-2026-22025 CryptoLib Memory Leak on HTTP Error Response in KMC Client — CryptoLibCWE-401--2026-01-10
CVE-2026-22024 CryptoLib Memory Leak in KMC Encrypt Function Leads to Resource Exhaustion — CryptoLibCWE-401 7.5 -2026-01-10
CVE-2026-22023 CryptoLib Has Out-of-Bounds Read in KMC AEAD Encrypt Metadata Parsing via Flawed strtok Pattern — CryptoLibCWE-125 9.1 -2026-01-10
CVE-2026-21900 CryptoLib Has Out-of-Bounds Read in KMC Encrypt Metadata Parsing via Flawed strtok Pattern — CryptoLibCWE-125 9.1 -2026-01-10
CVE-2026-21899 CryptoLib has an out-of-bounds read and crash vulnerability when decoding an empty Base64url string — CryptoLibCWE-125 4.7 Medium2026-01-10
CVE-2026-21898 CryptoLib Has Out-of-bounds Read in Crypto_AOS_ProcessSecurity — CryptoLibCWE-125 8.2 High2026-01-10
CVE-2026-21897 CryptoLib Has Out-of-Bounds Write in Crypto_Config_Add_Gvcid_Managed_Parameters — CryptoLibCWE-787 7.3 High2026-01-10
CVE-2025-64096 CryptoLib vulnerable to Stack Buffer Overflow in Crypto_Key_Update due to missing TLV length check — CryptoLibCWE-121 9.8AICriticalAI2025-10-30
CVE-2025-59534 CryptoLib command Injection vulnerability in initialize_kerberos_keytab_file_login() — CryptoLibCWE-78 7.3 High2025-09-23
CVE-2025-54878 Heap Buffer Overflow in NASA CryptoLib 1.4.0 `Crypto_TC_Check_IV_Setup` — CryptoLibCWE-122 8.6 High2025-08-11
CVE-2025-46675 CryptoLib 安全漏洞 — CryptoLibCWE-913 3.5 Low2025-04-27
CVE-2025-46674 CryptoLib 安全漏洞 — CryptoLibCWE-489 3.5 Low2025-04-27
CVE-2025-46672 CryptoLib 安全漏洞 — CryptoLibCWE-252 3.5 Low2025-04-27
CVE-2025-46673 CryptoLib 安全漏洞 — CryptoLibCWE-913 4.9 Medium2025-04-27
CVE-2025-30356 Heap Buffer Overflow via Incomplete Length Check in `Crypto_TC_ApplySecurity` — CryptoLibCWE-191 9.8AICriticalAI2025-04-01
CVE-2025-30216 CryptoLib Has Heap Overflow in Crypto_TM_ProcessSecurity due to Unchecked Secondary Header Length — CryptoLibCWE-122 9.4 Critical2025-03-25
CVE-2025-29913 CryptoLib's Crypto_TC_Prep_AAD Has Buffer Overflow Due to Integer Underflow — CryptoLibCWE-125 9.8 -2025-03-17
CVE-2025-29912 CryptoLib Has Heap Buffer Overflow Due to Unsigned Integer Underflow in Crypto_TC_ProcessSecurity — CryptoLibCWE-122 9.8 -2025-03-17
CVE-2025-29911 CryptoLib Has Heap Buffer Overflow in Crypto_AOS_ProcessSecurity Function — CryptoLibCWE-122 9.8 -2025-03-17
CVE-2025-29910 CryptoLib's crypto_handle_incrementing_nontransmitted_counter Function has Memory Leak — CryptoLibCWE-401 7.5 -2025-03-17
CVE-2025-29909 CryptoLib's Crypto_TC_ApplySecurity() Has a Heap Buffer Overflow Vulnerability — CryptoLibCWE-191 9.8 -2025-03-17
CVE-2022-23054 Openmct XSS via the “Summary Widget” — openmctCWE-79 6.1 Medium2022-02-20

This page lists every published CVE security advisory associated with NASA. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.