PatchSiren cyber security CVE debrief
CVE-2026-50593 Graphite project CVE debrief
CVE-2026-50593 is a HIGH severity vulnerability in Graphite, a graphics rendering library. The vulnerability is caused by an integer underflow and resultant out-of-bounds write via Graphite actions, specifically in the `slotat` function, which does not ensure that an offset is within the allowed slot-map range. This vulnerability has a CVSS score of 7.3 and can potentially lead to local privilege escalation.
- Vendor: Graphite project
- Product: Graphite
- CVSS: HIGH 7.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-05
- Original CVE updated: 2026-06-05
- Advisory published: 2026-06-05
- Advisory updated: 2026-06-05
Who should care
Users of Graphite versions prior to 1.3.15 should be aware of this vulnerability and take steps to upgrade to a patched version.
Technical summary
The vulnerability is caused by an integer underflow and resultant out-of-bounds write via Graphite actions, specifically in the `slotat` function, which does not ensure that an offset is within the allowed slot-map range.
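The bug class described above, as an added example that is not Graphite's code: a simplified model of a slot map indexed by a cursor plus a signed offset, showing how the unchecked index wraps around and how a range-checked accessor rejects it. The `slot_map` type, the function names and the sizes are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAP_SLOTS 8                 /* constructed capacity for this model */
typedef struct {
    int    slots[MAP_SLOTS];        /* stand-in for the slot map storage */
    size_t used;                    /* valid entries, must be <= MAP_SLOTS */
} slot_map;

/* Unchecked pattern: a negative offset converted to size_t wraps around, so
 * the index lands far outside the map. Nothing is dereferenced here. */
static size_t unchecked_index(size_t cursor, int8_t offset)
{
    return cursor + (size_t)offset;
}

/* Range-checked accessor: NULL unless cursor + offset is in [0, used). */
static int *slot_at_checked(slot_map *m, size_t cursor, int8_t offset)
{
    if (m->used > MAP_SLOTS || cursor >= m->used)
        return NULL;
    if (offset < 0) {
        size_t back = (size_t)(-(int)offset);
        if (back > cursor)          /* would underflow below slot 0 */
            return NULL;
        return &m->slots[cursor - back];
    }
    if ((size_t)offset >= m->used - cursor)   /* would run past the end */
        return NULL;
    return &m->slots[cursor + (size_t)offset];
}

/* Write through the checked accessor: 0 on success, -1 if rejected. */
static int write_slot(slot_map *m, size_t cursor, int8_t offset, int value)
{
    int *p = slot_at_checked(m, cursor, offset);
    if (p == NULL)
        return -1;
    *p = value;
    return 0;
}

int main(void)
{
    slot_map m = { {0}, 4 };        /* constructed sample: 4 valid slots */
    printf("unchecked index %zu, checked write %d\n",
           unchecked_index(1, -3), write_slot(&m, 1, -3, 7));
    return 0;
}
```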
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to Graphite version 1.3.15 or later.
- Review and apply patches from the vendor or community.
Evidence notes
The CVE record and NVD detail pages provide additional information about this vulnerability.
Official resources
CVE-2026-50593 was published on 2026-06-05T04:17:15.010Z and modified on 2026-06-05T16:06:10.940Z.