PatchSiren cyber security CVE debrief
CVE-2026-32778 libexpat project CVE debrief
CVE-2026-32778 is a medium-severity vulnerability in libexpat before 2.7.5: a NULL pointer dereference in the function setContext when it is called on retry after an earlier out-of-memory condition. The impact is Denial of Service. Hitachi Energy's RTU500 series CMU Firmware ships the affected library and is affected only if IEC 61850 functionality is configured. According to the CISA advisory ICSA-26-155-04, the affected CMU Firmware versions are 12.7.1 – 12.7.7, 13.5.1 – 13.5.4, 13.6.1 – 13.6.3, 13.7.1 – 13.7.8, and 13.8.1. Hitachi Energy's remediation is to update to CMU Firmware version 13.8.2, or 13.7.9 when available.
- Vendor
- libexpat project (CVE); Hitachi Energy (affected product advisory)
- Product
- libexpat before 2.7.5, as used in Hitachi Energy RTU500 series CMU Firmware
- CVSS
- MEDIUM 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-26
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-05-26
- Advisory updated
- 2026-06-04
Who should care
Operators of Hitachi Energy's RTU500 series CMU Firmware should care, above all those with IEC 61850 functionality configured, since that is the only configuration the advisory lists as affected. In practice this means utilities and other critical infrastructure sectors that run these RTUs in their industrial control systems. The severity is medium and the impact is limited to availability, but on an RTU a crash of the CMU means loss of view or control of the connected process, so defenders should establish which units run an affected version with IEC 61850 enabled and plan the update accordingly.
Technical summary
CVE-2026-32778 is a NULL pointer dereference vulnerability in libexpat before version 2.7.5. It lies in the setContext function and is triggered on retry after an earlier out-of-memory condition: a first call that fails for lack of memory leaves the parser in a state where a later call dereferences a NULL pointer. The result is a crash of the parsing process, i.e. a Denial of Service (DoS); no confidentiality or integrity impact is claimed. Hitachi Energy's RTU500 series CMU Firmware is affected if IEC 61850 functionality is configured. The Common Vulnerability Scoring System (CVSS) base score is 5.5 (medium) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H: Local Attack Vector, Low Attack Complexity, Low Privileges Required, No User Interaction, Unchanged Scope, no Confidentiality or Integrity impact, and High Availability impact.
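The bug class described above, retry after an out-of-memory failure dereferencing NULL, is easy to reproduce in miniature. The following is an added, constructed illustration and is not libexpat's code: the struct, the function names set_context_vuln and set_context_fixed, the injected allocation failure and the sample strings are all hypothetical. It shows the classic way such a state arises (storing a failed realloc() result straight into the live pointer while the recorded capacity stays stale) next to the hardened form that leaves the state untouched on failure so a retry is safe.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of "NULL dereference on retry after OOM".
 * Not libexpat's setContext; all names here are hypothetical. */
struct context {
    char  *buf;   /* current context string storage */
    size_t cap;   /* bytes the code believes are available in buf */
};

/* Allocation-failure injection so the OOM path can be exercised offline. */
static int g_fail_next_alloc = 0;

void set_alloc_fail(int on) { g_fail_next_alloc = on; }

static void *sim_realloc(void *p, size_t n)
{
    if (g_fail_next_alloc) {
        g_fail_next_alloc = 0;
        return NULL;   /* like realloc() under pressure: old block left intact */
    }
    return realloc(p, n);
}

int context_init(struct context *ctx, size_t cap)
{
    ctx->buf = malloc(cap);
    ctx->cap = ctx->buf ? cap : 0;
    return ctx->buf ? 0 : -1;
}

void context_free(struct context *ctx)
{
    free(ctx->buf);
    ctx->buf = NULL;
    ctx->cap = 0;
}

/* Vulnerable pattern: realloc() result stored straight into ctx->buf.
 * On OOM the valid pointer is overwritten with NULL while ctx->cap still
 * advertises the old capacity (and the old block is leaked). */
int set_context_vuln(struct context *ctx, const char *s)
{
    size_t need = strlen(s) + 1;
    if (need > ctx->cap) {
        ctx->buf = sim_realloc(ctx->buf, need);   /* BUG: clobbers buf on failure */
        if (ctx->buf == NULL)
            return -1;                            /* caller sees OOM, may retry */
        ctx->cap = need;
    }
    /* Retry with a string that fits the stale cap skips the branch above
     * and this memcpy writes through a NULL buf: the crash. */
    memcpy(ctx->buf, s, need);
    return 0;
}

/* Hardened pattern: grow into a temporary and commit only on success, so a
 * failed call leaves (buf, cap) exactly as they were. */
int set_context_fixed(struct context *ctx, const char *s)
{
    size_t need = strlen(s) + 1;
    if (need > ctx->cap) {
        char *tmp = sim_realloc(ctx->buf, need);
        if (tmp == NULL)
            return -1;                            /* old buffer still valid */
        ctx->buf = tmp;
        ctx->cap = need;
    }
    memcpy(ctx->buf, s, need);
    return 0;
}

#define INITIAL_CAP 16
#define LONG_INPUT  "a context string that does not fit in sixteen bytes" /* constructed */
#define SHORT_INPUT "short"                                              /* constructed */

/* Returns 1 when the vulnerable path leaves buf == NULL while cap still
 * claims INITIAL_CAP bytes, i.e. the state in which a retry dereferences NULL. */
int vulnerable_leaves_null_with_stale_cap(void)
{
    struct context ctx;
    if (context_init(&ctx, INITIAL_CAP) != 0) return 0;
    char *old = ctx.buf;            /* kept only so the leaked block is freed here */
    set_alloc_fail(1);
    int rc = set_context_vuln(&ctx, LONG_INPUT);
    set_alloc_fail(0);
    int inconsistent = (rc == -1 && ctx.buf == NULL && ctx.cap == INITIAL_CAP);
    if (ctx.buf == NULL) free(old);
    context_free(&ctx);
    return inconsistent;
}

/* Returns 1 when the hardened path survives the OOM and the retry succeeds. */
int fixed_retry_succeeds(void)
{
    struct context ctx;
    if (context_init(&ctx, INITIAL_CAP) != 0) return 0;
    set_alloc_fail(1);
    int rc1 = set_context_fixed(&ctx, LONG_INPUT);   /* fails, state untouched */
    set_alloc_fail(0);
    int rc2 = set_context_fixed(&ctx, SHORT_INPUT);  /* retry fits existing buffer */
    int ok = (rc1 == -1 && rc2 == 0 && ctx.buf != NULL && strcmp(ctx.buf, SHORT_INPUT) == 0);
    context_free(&ctx);
    return ok;
}

int main(void)
{
    printf("vulnerable pattern leaves NULL buf with stale cap: %s\n",
           vulnerable_leaves_null_with_stale_cap() ? "yes (a retry would crash)" : "no");
    printf("hardened pattern retry succeeds after OOM: %s\n",
           fixed_retry_succeeds() ? "yes" : "no");
    return 0;
}
```

The vulnerable scenario deliberately stops before the retry, because the retry is the crash; the state check (NULL buffer, non-zero capacity) is what a reviewer or fuzzer harness with allocation-failure injection should look for in any code that is allowed to retry after an out-of-memory return.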
Defensive priority
Defenders should prioritize updating affected RTU500 units to CMU Firmware version 13.8.2, or to 13.7.9 when Hitachi Energy releases it. Until the update is applied, follow the general mitigation factors and workarounds in the Hitachi Energy advisory and CISA ICSA-26-155-04, and treat any unit that runs an affected version with IEC 61850 configured as exposed.
Recommended defensive actions
- Update affected units to CMU Firmware version 13.8.2
- Where the 13.7 line is in use, apply CMU Firmware version 13.7.9 when it becomes available
- Until updated, apply the general mitigation factors and workarounds provided by Hitachi Energy and CISA
- Inventory RTU500 units by CMU Firmware version against the affected ranges (12.7.1 – 12.7.7, 13.5.1 – 13.5.4, 13.6.1 – 13.6.3, 13.7.1 – 13.7.8, 13.8.1)
- For each unit on an affected version, check whether IEC 61850 functionality is configured; only those units are affected, and they should be updated first
- Monitor affected units for unexpected CMU restarts or loss of communication, which is how a successful denial of service would present
Evidence notes
The CISA advisory ICSA-26-155-04 provides detailed information about the vulnerability, including affected versions and mitigation steps. Hitachi Energy has provided updates to mitigate this vulnerability. The CVE record and NVD detail provide additional context and scoring information.
Official resources
- CVE-2026-32778 CVE record (CVE.org)
- CVE-2026-32778 NVD detail (NVD)
- Source item URL (cisa_csaf)
This article is AI-assisted and based on the supplied source corpus.