CVE-2026-40510— OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c
Possible ATT&CK Techniques 1AI
T1059 · Command and Scripting InterpreterGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40510
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longer than 118 bytes in the Key History Object ASN.1 response.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-40510
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40510
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-40510 (2)
Vendor Advisories for CVE-2026-40510 (1)
IV. Related Vulnerabilities
Same product: OpenSC
- CVE-2026-40528
OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile - CVE-2025-13763
Libopensc: opensc: multiple uses of uninitialized variable - CVE-2025-66215
OpenSC: Stack-buffer-overflow WRITE in card-oberthur - CVE-2025-66038
OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds po - CVE-2025-66037
OpenSC: Out of Bounds vulnerability
Same vendor: OpenSC
- CVE-2026-40528
OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile - CVE-2025-13763
Libopensc: opensc: multiple uses of uninitialized variable - CVE-2025-66215
OpenSC: Stack-buffer-overflow WRITE in card-oberthur - CVE-2025-66038
OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds po - CVE-2025-66037
OpenSC: Out of Bounds vulnerability
Same weakness: CWE-121
- CVE-2026-10067
Shibby Tomato multimon.cgi sub_90F0 stack-based overflow - CVE-2026-10066
Shibby Tomato UPS Service tomatoups.cgi sub_9068 stack-based - CVE-2026-10065
Shibby Tomato tomatodata.cgi get_ups_field stack-based overf - CVE-2018-25383
Free MP3 CD Ripper 2.8 Buffer Overflow SEH DEP Bypass - CVE-2026-10064
TRENDnet TEW-432BRP formSetPortTr stack-based overflow
V. Comments for CVE-2026-40510
No comments yet