PatchSiren cyber security CVE debrief
CVE-2026-47306 Samsung Open Source CVE debrief
A MEDIUM severity vulnerability, CVE-2026-47306, was found in Samsung Open Source rlottie, affecting versions before commit e2d19e3b150e0e4a9586fa90b56fd3061cc98945. The issue is an Uncontrolled Recursion weakness that allows Oversized Serialized Data Payloads. The CVSS score for this vulnerability is 6.1.
- Vendor: Samsung Open Source
- Product: rlottie
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-04
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-04
Who should care
Users of Samsung Open Source rlottie, especially those using versions before e2d19e3b150e0e4a9586fa90b56fd3061cc98945, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
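The vulnerability is caused by an Uncontrolled Recursion in Samsung Open Source rlottie, which allows Oversized Serialized Data Payloads. The CVSS vector for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H: a local attack vector with low attack complexity, no privileges required and user interaction required, with no confidentiality impact, low integrity impact and high availability impact.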
Defensive priority
MEDIUM
Recommended defensive actions
- Update rlottie to commit e2d19e3b150e0e4a9586fa90b56fd3061cc98945 or later.
- Refer to [ref-4](https://github.com/Samsung/rlottie/pull/585) for more information.
Evidence notes
The CVE record can be found at [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-47306). The NVD detail page is available at [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-47306).
Official resources
- CVE-2026-47306 CVE record (CVE.org)
- CVE-2026-47306 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2026-47306 was published on 2026-06-04T10:16:38.927Z and modified on 2026-06-04T15:27:23.470Z.