CVE-2026-20777:
Heap-based buffer overflow vulnerability in Nicolet WFT parsing of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63).
Score
8.1 High
- Published Date: Mar 3, 2026
- CISA KEV Date: No Data
- Industries Affected: 20
Exploitability
- Score: 2.2
- Attack Vector: NETWORK
- Attack Complexity: HIGH
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
Impact
- Score: 5.9
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Overview
CVE-2026-20777 is a heap-based buffer overflow (CWE-122) in the Nicolet WFT parsing code of The Biosig Project libbiosig, affecting release 3.9.2 and the master branch at commit db9a9a63. Its CVSS v3.1 base score is 8.1 (High); the metrics listed above correspond to the vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. That rating assumes the malicious .wft input reaches the parser over the network and that no privileges or user interaction are needed, but it marks attack complexity as high. A heap overflow of this kind can corrupt adjacent heap data and, in the worst case, allow code execution in whatever process calls libbiosig, which is why confidentiality, integrity, and availability impact are all rated High.
Remediation
- No fixed release has been identified in the information currently available. Users and administrators of systems that link libbiosig (including tools that call it to load .wft files) should track the project for a release later than 3.9.2, or a master-branch commit after db9a9a63, that addresses this issue, and apply it as soon as it is published. Until then, treat .wft files from untrusted sources as hostile: do not parse them at all where possible, and where parsing is required, run the parser in an isolated, low-privilege process or sandbox so that a crash or memory-corruption exploit is contained. Adding length and consistency checks on header fields before they are used to size heap buffers or drive copies is the corresponding code-level mitigation.
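The advisory identifies the bug class (CWE-122, a heap overflow in a file-format parser) but not the specific fault, so the following is an added, constructed example of that class and of the input-validation fix recommended above; it is not libbiosig's code and does not reproduce the real Nicolet WFT layout or the actual CVE-2026-20777 defect. The toy record format, the field names, and all sample bytes are assumptions made for illustration. The unsafe parser sizes its heap buffer from one header field and copies according to another, which is the classic way a crafted file writes past a heap allocation; the hardened parser bounds the copy by both the allocation and the bytes actually present.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed toy layout for this example only (NOT the real Nicolet WFT format):
 *   [0..1]  u16 LE  alloc_count  - number of samples the parser allocates room for
 *   [2..3]  u16 LE  data_count   - number of samples that follow the header
 *   [4..]   data_count * 4 bytes of sample data
 * Two independent length fields that are never cross-checked is the CWE-122 setup. */
#define HDR_LEN    4u
#define SAMPLE_LEN 4u

typedef struct {
    uint32_t count;     /* samples actually stored */
    int32_t *samples;   /* heap buffer holding them */
} wave_t;

static uint16_t rd_u16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* VULNERABLE pattern: the heap buffer is sized by alloc_count, but the copy length
 * comes from data_count and from nowhere is it checked against the allocation or
 * against the real file length. A file claiming alloc_count=1, data_count=65535
 * writes far past a 4-byte heap chunk. Shown only to illustrate the bug shape;
 * never hand it untrusted input. */
static int parse_wave_unsafe(const uint8_t *buf, size_t len, wave_t *out)
{
    if (len < HDR_LEN) return -1;
    uint16_t alloc_count = rd_u16le(buf);
    uint16_t data_count  = rd_u16le(buf + 2);
    out->samples = malloc((size_t)alloc_count * SAMPLE_LEN);
    if (!out->samples) return -1;
    memcpy(out->samples, buf + HDR_LEN, (size_t)data_count * SAMPLE_LEN); /* heap overflow */
    out->count = data_count;
    return 0;
}

/* HARDENED form: reject inconsistent headers, bound the copy by the bytes really
 * present, and let calloc do the overflow-checked size multiplication. */
static int parse_wave_safe(const uint8_t *buf, size_t len, wave_t *out)
{
    if (len < HDR_LEN) return -1;
    uint16_t alloc_count = rd_u16le(buf);
    uint16_t data_count  = rd_u16le(buf + 2);
    if (alloc_count == 0 || data_count > alloc_count) return -1;   /* fields must agree */
    size_t need = (size_t)data_count * SAMPLE_LEN;                 /* u16 * 4 cannot wrap */
    if (need > len - HDR_LEN) return -1;                           /* file shorter than claim */
    out->samples = calloc(alloc_count, SAMPLE_LEN);
    if (!out->samples) return -1;
    memcpy(out->samples, buf + HDR_LEN, need);
    out->count = data_count;
    return 0;
}

static void wave_free(wave_t *w) { free(w->samples); w->samples = NULL; w->count = 0; }

/* Constructed inputs (not real .wft files). */
static const uint8_t GOOD[]      = { 2,0, 2,0, 1,0,0,0, 2,0,0,0 };         /* alloc 2, data 2 */
static const uint8_t CRAFTED[]   = { 1,0, 0xff,0xff, 0x41,0x41,0x41,0x41 }; /* alloc 1, claims 65535 */
static const uint8_t TRUNCATED[] = { 4,0, 4,0, 1,0,0,0 };                  /* claims 4, carries 1 */

/* Named result helpers so the behaviour can be checked, not just printed. */
int safe_accepts_good(void)
{
    wave_t w = {0};
    if (parse_wave_safe(GOOD, sizeof GOOD, &w) != 0) return 0;
    int ok = (w.count == 2) && (memcmp(w.samples, GOOD + HDR_LEN, 8) == 0);
    wave_free(&w);
    return ok;
}
int safe_rejects_crafted(void)   { wave_t w = {0}; return parse_wave_safe(CRAFTED, sizeof CRAFTED, &w) == -1; }
int safe_rejects_truncated(void) { wave_t w = {0}; return parse_wave_safe(TRUNCATED, sizeof TRUNCATED, &w) == -1; }
int unsafe_accepts_good(void)
{
    wave_t w = {0};
    int r = parse_wave_unsafe(GOOD, sizeof GOOD, &w);
    if (r == 0) wave_free(&w);
    return r == 0;
}

int main(void)
{
    printf("safe parser: good=%d crafted_rejected=%d truncated_rejected=%d\n",
           safe_accepts_good(), safe_rejects_crafted(), safe_rejects_truncated());
    printf("unsafe parser accepts good input too (%d); the crafted file is never fed to it\n",
           unsafe_accepts_good());
    return 0;
}
```

Both parsers behave identically on well-formed input, which is why this class of bug survives normal testing; only the hardened version refuses the crafted and truncated files. Running the unsafe parser on the crafted bytes under AddressSanitizer (`-fsanitize=address`) reports the heap-buffer-overflow immediately, which is the quickest way to confirm a suspected CWE-122 in any file-format parser.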
References
- [1] Talos Intelligence, "Vulnerability Report TALOS-2026-2362," [Online]. Available: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362