PatchSiren cyber security CVE debrief

CVE-2026-54410 debevv CVE debrief

CVE-2026-54410 is a HIGH severity vulnerability in nanoMODBUS through v1.23.0. The vulnerability is caused by an off-by-one buffer overflow in the recv_msg_header() function of the Modbus/TCP server. This allows remote unauthenticated attackers to write one attacker-controlled byte past the end of the 260-byte receive buffer by sending a crafted MBAP frame whose Length field is set to 255. The overflow corrupts the adjacent buffer-index field of the nanoMODBUS state structure, resulting in denial of service through invalid memory accesses and, on bare-metal and RTOS targets without memory protection, one-byte information disclosure and writes to unintended register addresses on the Write Multiple Registers (FC16) handler path.
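The defensive check at the heart of this bug class is the one below, written as an added example for this debrief; it is not nanoMODBUS source and does not reproduce the project's actual code layout. It assumes a Modbus/TCP frame is staged in one 260-byte buffer together with the six MBAP bytes (transaction id, protocol id, Length) that precede the Length-counted payload, which is why a Length field of 255 implies 6 + 255 = 261 bytes, one past the end. The naive check bounds the field, the hardened check bounds the total bytes written, and the parser refuses frames that would not fit before copying anything.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the bug class, not nanoMODBUS source.
 * Assumed layout: the whole frame, including the six MBAP bytes that
 * precede the Length-counted payload, is staged in one 260-byte buffer. */
#define RX_BUF_SIZE     260u
#define MBAP_PREFIX_LEN 6u   /* transaction id (2) + protocol id (2) + length (2) */
#define MBAP_MIN_LENGTH 2u   /* unit id + function code at minimum */

struct mbap_header {
    uint16_t transaction_id;
    uint16_t protocol_id;
    uint16_t length;    /* bytes after the Length field: unit id + PDU */
    uint8_t  unit_id;
};

/* Bytes a frame with this Length field occupies once fully received. */
size_t mbap_frame_bytes(uint16_t length) {
    return MBAP_PREFIX_LEN + (size_t)length;
}

/* Naive check of the kind that lets Length=255 through: it bounds the
 * field itself, not the bytes written to the buffer (6 + 255 = 261 > 260). */
int naive_length_ok(uint16_t length) {
    return length >= MBAP_MIN_LENGTH && length <= 255;
}

/* Hardened check: the complete frame must fit the receive buffer. */
int mbap_length_fits(uint16_t length, size_t buf_size) {
    if (length < MBAP_MIN_LENGTH) return 0;
    if (buf_size < MBAP_PREFIX_LEN) return 0;
    return (size_t)length <= buf_size - MBAP_PREFIX_LEN;
}

/* Parse a Modbus/TCP frame into its header and PDU length. Returns 0 on
 * success, -1 for a malformed frame or one that would not fit RX_BUF_SIZE. */
int parse_mbap(const uint8_t *frame, size_t frame_len,
               struct mbap_header *hdr, size_t *pdu_len) {
    uint8_t rx[RX_BUF_SIZE];
    if (frame_len < MBAP_PREFIX_LEN + 1) return -1;
    uint16_t length = (uint16_t)((frame[4] << 8) | frame[5]);
    if (!mbap_length_fits(length, sizeof rx)) return -1;   /* rejects 255 */
    if (frame_len < mbap_frame_bytes(length)) return -1;    /* truncated */
    memcpy(rx, frame, mbap_frame_bytes(length));            /* bounded copy */
    hdr->transaction_id = (uint16_t)((rx[0] << 8) | rx[1]);
    hdr->protocol_id    = (uint16_t)((rx[2] << 8) | rx[3]);
    hdr->length         = length;
    hdr->unit_id        = rx[6];
    *pdu_len = (size_t)length - 1;   /* the unit id is counted in Length */
    return 0;
}

/* Constructed benign request: unit 1, FC 0x03 (Read Holding Registers),
 * start address 0, quantity 1. */
static const uint8_t sample_frame[] = {
    0x00, 0x01,                    /* transaction id */
    0x00, 0x00,                    /* protocol id (Modbus) */
    0x00, 0x06,                    /* length: unit id + 5-byte PDU */
    0x01,                          /* unit id */
    0x03, 0x00, 0x00, 0x00, 0x01   /* FC03 PDU */
};

/* 1 if the benign sample parses with the expected header fields. */
int sample_parses_ok(void) {
    struct mbap_header hdr;
    size_t pdu_len;
    if (parse_mbap(sample_frame, sizeof sample_frame, &hdr, &pdu_len) != 0) return 0;
    return hdr.transaction_id == 1 && hdr.protocol_id == 0 &&
           hdr.length == 6 && hdr.unit_id == 1 && pdu_len == 5;
}

/* 1 if a (constructed, zero-filled) frame with Length=255 is refused:
 * it would need 261 bytes of a 260-byte buffer. */
int oversized_frame_rejected(void) {
    uint8_t frame[MBAP_PREFIX_LEN + 255] = {0};
    struct mbap_header hdr;
    size_t pdu_len;
    frame[4] = 0x00;
    frame[5] = 0xFF;
    return parse_mbap(frame, sizeof frame, &hdr, &pdu_len) == -1;
}

int main(void) {
    printf("benign sample parses: %d\n", sample_parses_ok());
    printf("Length=255 needs %zu bytes, buffer is %u: naive=%d hardened=%d\n",
           mbap_frame_bytes(255), RX_BUF_SIZE,
           naive_length_ok(255), mbap_length_fits(255, RX_BUF_SIZE));
    printf("oversized frame rejected: %d\n", oversized_frame_rejected());
    return 0;
}
```

The point to carry into code review of any framed protocol parser is that the limit must be derived from the size of the buffer the bytes land in, not from the nominal range of the length field: `mbap_length_fits` is expressed as `buf_size - MBAP_PREFIX_LEN` so that it stays correct if the buffer or header layout changes.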

Vendor: debevv
Product: nanoMODBUS
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-14
Original CVE updated: 2026-06-14
Advisory published: 2026-06-14
Advisory updated: 2026-06-14

Who should care

Anyone running nanoMODBUS through v1.23.0 as a Modbus/TCP server is affected, since the flaw is reachable by unauthenticated remote clients. Deployments on bare-metal and RTOS targets without memory protection carry the greater risk, as the impact there extends beyond denial of service to one-byte information disclosure and writes to unintended register addresses.

Technical summary

The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X.

Defensive priority

HIGH

Recommended defensive actions

  • Update to a version of nanoMODBUS later than v1.23.0 that is not vulnerable.
  • Implement network segmentation and isolation so that only authorized clients can reach the Modbus/TCP server, limiting the attack surface.
  • Monitor Modbus/TCP traffic (TCP port 502 by default) for MBAP frames with anomalous Length values, in particular a Length field of 255, and for server crashes or restarts that may indicate exploitation attempts.

Evidence notes

The vulnerability is described in the CVE record [cve-org]. Additional information can be found in the NVD detail [nvd] and the source item URL [source-item].

Official resources

CVE-2026-54410 was published on 2026-06-14T18:17:20.330Z and has not been modified since then.