CVE-2026-37539:

A critical buffer overflow vulnerability in cannelloni v2.0.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted CAN FD frames.

Score
A numerical rating that indicates how dangerous this vulnerability is.

9.8Critical

Published Date:May 1, 2026
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:0.3
EPSS Percentile:48%

Exploitability

Score:3.9
Attack Vector:NETWORK
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:NONE
Scope:UNCHANGED

Impact

Score:5.9
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

A critical buffer overflow vulnerability in cannelloni v2.0.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted CAN FD frames.

Overview

CVE-2026-37539 is a critical-severity stack-based buffer overflow vulnerability discovered in cannelloni v2.0.0, an open-source tool designed to tunnel Controller Area Network (CAN) traffic over UDP. The flaw resides in the CAN frame parsing logic, specifically in the `parseCANFrame` function in `parser.cpp` and the `decodeFrame` function in `decoder.cpp`. By sending maliciously crafted CAN FD frames to a system running cannelloni, a remote unauthenticated attacker can trigger a stack buffer overflow. The consequences range from crashing the application (denial of service) to potentially achieving arbitrary remote code execution on the affected host. Given that cannelloni is frequently deployed in automotive and industrial environments where CAN bus communication is critical, exploitation of this vulnerability could have significant operational and safety implications. The CVSS v3.1 score of 9.8 reflects the ease of exploitation and the severity of potential impact.

Remediation

Users of cannelloni v2.0.0 should take the following steps to mitigate exposure to CVE-2026-37539. Monitor the official cannelloni GitHub repository at https://github.com/mguentner/cannelloni for patches or updated releases that address the buffer overflow in `parseCANFrame` and `decodeFrame`. Until a patched version is available, restrict network access to cannelloni instances by using firewall rules or network segmentation to ensure only trusted hosts can send CAN frames to the application. Consider deploying the application behind a network-level access control layer to reduce the attack surface. Apply runtime mitigations such as stack canaries, Address Space Layout Randomization (ASLR), and non-executable stack protections where possible to limit the exploitability of the overflow. Regularly audit and monitor logs for anomalous CAN frame traffic that may indicate exploitation attempts.