Home / Vulnerability Intelligence / CVE-2026-32845

CVE-2026-32845 - Vulnerability Analysis

HighCVSS: 8.4

Last Updated: March 24, 2026

cgltf - Integer Overflow

Published: March 23, 2026Updated: March 24, 2026

Overview

cgltf <= 1.15 contains an integer overflow caused by unchecked arithmetic in cgltf_validate() when validating sparse accessors, letting attackers trigger out-of-bounds reads and cause denial of service or memory disclosure, exploit requires crafted glTF/GLB files.

Severity & Score

Severity: High

CVSS Score: 8.4

EPSS Score: 1.2%(Probability of exploitation in next 30 days)

Impact

Attackers can cause denial of service crashes and potentially disclose memory via crafted input files.

Mitigation

Update to the latest version beyond 1.15.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 23, 2026

🟠 CVE-2026-32845 - High (8.4) cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-c... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32845/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-32845
Severity: High
CVSS Score: 8.4
Type: integer_overflow
Status: unconfirmed
EPSS: 1.2%
Social Posts: 1

CWE

CWE-190

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.2%Probability of exploitation in the next 30 days