CVE-2026-50593NVD

Vulnerability Summary

Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range.

Severity Level

HIGH(7.3)

Published Date

Jun 5, 2026

Last Modified

Jun 5, 2026

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-191: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

ScopeUnchanged

ConfidentialityLow

IntegrityHigh

AvailabilityHigh

External References

https://github.com/silnrsi/graphite/commit/ad78c6b7319909e1540c1b134e115ced03417866
https://github.com/silnrsi/graphite/compare/1.3.14...1.3.15