PatchSiren cyber security CVE debrief
CVE-2026-54413 driftregion CVE debrief
CVE-2026-54413 is an integer underflow and downstream out-of-bounds read vulnerability in the Handle_0x27_SecurityAccess() function in iso14229.c. This vulnerability allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer by sending a single-byte 0x27 SecurityAccess request that follows any earlier well-formed 0x27 message. The handler reads the SecurityAccess subFunction from recv_buf[1] without first checking that recv_len is at least 2, then computes the key-data length as the unsigned subtraction (uint16_t)(recv_len - UDS_0X27_REQ_BASE_LEN); when recv_len equals 1 the result underflows to 65535 and is passed as args.len to the application's SecAccessValidateKey or SecAccessRequestSeed callback, which typically iterates or copies that many bytes from the 4-KB receive buffer.
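The missing length check described above, as an added C example that is not iso14229's own code: key_len_unchecked reproduces the unsigned subtraction the page describes, and parse_sec_access_request is a hypothetical hardened parse that rejects short frames before the subtraction happens. It assumes UDS_0X27_REQ_BASE_LEN is 2 (SID plus subFunction), which matches the page's arithmetic (recv_len of 1 underflows to 65535).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Assumed value: a SecurityAccess request is SID 0x27 plus one subFunction
 * byte, so the base length is 2. This is consistent with the page, where
 * recv_len == 1 underflows to 65535. */
#define UDS_0X27_REQ_BASE_LEN 2
#define UDS_RECV_BUF_SIZE 4096   /* constructed: the 4-KB receive buffer */

/* Vulnerable arithmetic as the page describes it: unsigned subtraction with
 * no lower bound on recv_len. recv_len == 1 yields 65535, which then flows
 * into the application callback as args.len. */
uint16_t key_len_unchecked(uint16_t recv_len) {
    return (uint16_t)(recv_len - UDS_0X27_REQ_BASE_LEN);
}

/* Hardened parse (hypothetical helper): refuse anything shorter than the
 * base length and anything longer than the buffer before touching
 * recv_buf[1] or doing the subtraction. A false return is what the caller
 * should map to NRC 0x13 (incorrectMessageLengthOrInvalidFormat). */
bool parse_sec_access_request(const uint8_t *recv_buf, size_t recv_len,
                              uint8_t *sub_function, uint16_t *key_len) {
    if (recv_buf == NULL || recv_len < UDS_0X27_REQ_BASE_LEN) {
        return false;   /* too short: the subFunction byte is missing */
    }
    if (recv_len > UDS_RECV_BUF_SIZE) {
        return false;   /* longer than the receive buffer can hold */
    }
    if (recv_buf[0] != 0x27) {
        return false;   /* not a SecurityAccess request */
    }
    *sub_function = recv_buf[1];
    /* Cannot underflow here: recv_len >= UDS_0X27_REQ_BASE_LEN. */
    *key_len = (uint16_t)(recv_len - UDS_0X27_REQ_BASE_LEN);
    return true;
}
```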
- Vendor: driftregion
- Product: iso14229
- CVSS: 7.8 (HIGH)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-14
- Original CVE updated: 2026-06-14
- Advisory published: 2026-06-14
- Advisory updated: 2026-06-14
Who should care
Deployments on automotive ECUs, industrial controllers, and IoT devices that ship iso14229 as their UDS server are affected.
Technical summary
The vulnerable handler is reachable over CAN bus, OBD-II, ISO-TP, and DoIP transports and is exposed in the default diagnostic session without prior authentication.
Defensive priority
The CVSS score for this vulnerability is 7.8, with a severity rating of HIGH.
Recommended defensive actions
- Update to a version of iso14229 that is not vulnerable.
- Implement additional security measures to restrict access to the UDS server.
Evidence notes
This vulnerability is described in CVE-2026-54413, which was published on 2026-06-14T18:17:20.943Z.
Official resources
- CVE-2026-54413 CVE record (CVE.org)
- CVE-2026-54413 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c
CVE-2026-54413 was published on 2026-06-14T18:17:20.943Z and has not been modified since then.