PatchSiren

CVE-2026-47314 Samsung Open Source CVE debrief

CVE-2026-47314 is a high-severity out-of-bounds write vulnerability in Samsung Open Source Escargot, a JavaScript engine. The vulnerability allows for buffer overflow conditions and affects Escargot at commit 590345cc6258317c5da850d846ce6baaf2afc2d3. The issue was published on 2026-05-19 and is currently undergoing analysis by NVD. A pull request has been submitted to address the vulnerability.

Vendor: Samsung Open Source
Product: Escargot
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-19
Original CVE updated: 2026-05-19
Advisory published: 2026-05-19
Advisory updated: 2026-05-19

Who should care

Organizations using the Samsung Escargot JavaScript engine in embedded systems, IoT devices, or applications; developers maintaining Escargot-based projects; security teams monitoring JavaScript engine vulnerabilities.

Technical summary

CVE-2026-47314 is an out-of-bounds write vulnerability (CWE-787) in Samsung's open-source Escargot JavaScript engine. The vulnerability, rated HIGH severity with a CVSS 3.1 score of 7.8, affects Escargot at commit 590345cc6258317c5da850d846ce6baaf2afc2d3. The flaw enables buffer overflow conditions that could lead to memory corruption. The attack vector is local and user interaction is required; successful exploitation may result in high impact to confidentiality, integrity, and availability. A pull request has been submitted to remediate the issue.

Defensive priority

HIGH

Recommended defensive actions

  • Review and apply the remediation pull request when merged to address the out-of-bounds write vulnerability
  • Identify systems running Escargot commit 590345cc6258317c5da850d846ce6baaf2afc2d3 or earlier
  • Monitor Samsung Escargot repository for official security advisory and patched release
  • Implement input validation and sandboxing for JavaScript execution contexts where Escargot is deployed
  • Subscribe to Samsung PSIRT notifications for updates on this vulnerability

Evidence notes

The CVE description identifies an out-of-bounds write (CWE-787) in Samsung's Escargot JavaScript engine. NVD records show the vulnerability status as 'Undergoing Analysis' with a CVSS 3.1 score of 7.8 (HIGH). The affected version is specified as commit 590345cc6258317c5da850d846ce6baaf2afc2d3. A remediation pull request is referenced in the source data.
