Home / Vulnerability Intelligence / CVE-2026-37534

CVE-2026-37534 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: May 1, 2026

Open-SAE-J1939 - Integer Underflow

Published: May 1, 2026Updated: May 1, 2026Remote Exploitable

Overview

Open-SAE-J1939 contains an integer underflow caused by improper handling of sequence numbers in SAE_J1939_Read_Transport_Protocol_Data_Transfer, letting attackers write to arbitrary memory via crafted CAN frame sequence number.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 1.5%(Probability of exploitation in next 30 days)

Impact

Attackers can write to arbitrary memory, potentially leading to code execution or system compromise.

Mitigation

Update to the latest version including commit b6caf884df46435e539b1ecbf92b6c29b345bdfe or later.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

May 2, 2026

🔴 CVE-2026-37534 - Critical (9.8) Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Transport_Protocol_Data_Transfer,allows attackers to write to arbitrary memory via crafted sequence number from t... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-37534/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

May 2, 2026

View original post

Related Resources

Details

CVE ID: CVE-2026-37534
Severity: Critical
CVSS Score: 9.8
Type: integer_overflow
Status: new
EPSS: 1.5%
Social Posts: 2

CWE

CWE-191

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.5%Probability of exploitation in the next 30 days