PatchSiren

openvehicles CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Openvehicles CVE published 2026-05-01

CVE-2026-42469

CVE-2026-42469 is a high-severity buffer overflow affecting Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. According to the NVD record, the parser in canformat_canswitch.cpp does not properly validate a CANswitch DLC value, which can allow a remote attacker to send crafted CANswitch frames that may cause a denial of service and, potentially, arbitrary code execution. The vulnerability was published on [truncated]

HIGH Openvehicles CVE published 2026-05-01

CVE-2026-42468

CVE-2026-42468 is a high-severity buffer overflow in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005 affecting PCAP parsing in canformat_pcap.cpp. According to the CVE/NVD record, a crafted PCAP input can trigger the flaw and may cause denial of service or possibly arbitrary code execution. NVD marks the issue as analyzed and lists the affected firmware version as 3.3.005.

CRITICAL openvehicles CVE published 2026-05-01

CVE-2026-37541

CVE-2026-37541 is a critical buffer overflow in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. According to the CVE record, canformat_gvret.cpp does not properly validate the length field in GVRET binary data, so crafted GVRET frames can trigger a denial of service and may permit arbitrary code execution. NVD classifies the issue as remotely exploitable with no privileges or user interaction required, [truncated]