CVE-2026-37541:
A critical buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005 allows remote attackers to cause denial of service or execute arbitrary code via crafted GVRET frames due to improper validation of the length field in GVRET binary data within `canformat_gvret.cpp`.
Score
- Score: 10.0 (Critical)
- Published Date: May 1, 2026
- CISA KEV Date: *No Data*
- Industries Affected: 20
Exploitability
- Score: 3.9
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: CHANGED
Impact
- Score: 6.0
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Overview
CVE-2026-37541 is a critical stack-based buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005. The flaw resides in `canformat_gvret.cpp`, where the length field in GVRET binary protocol data is not properly validated. Remote unauthenticated attackers can send maliciously crafted GVRET frames to trigger memory corruption, leading to denial of service or arbitrary code execution. The CVSS v3.1 score of 10.0 underscores the severity of the vulnerability, given the network accessibility, absence of required privileges or user interaction, and the potential for complete system compromise across a changed scope.
Remediation
Users and administrators running OVMS3 version 3.3.005 should take the following steps to remediate or mitigate this vulnerability:
- Monitor the official Open Vehicle Monitoring System 3 GitHub repository for patches or updated releases that address this vulnerability and apply them immediately upon availability.
- Restrict network access to OVMS3 interfaces using firewall rules or network segmentation to limit exposure to untrusted networks or hosts.
- Review and apply any available input validation patches or workarounds in `canformat_gvret.cpp` that enforce strict bounds checking on the GVRET binary data length field.
- Monitor systems for anomalous behavior or unexpected crashes that may indicate exploitation attempts.
- Consider disabling GVRET binary frame processing if it is not required for operational use until a fix is confirmed and deployed.
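A sketch of the strict bounds checking on a length field that the remediation steps call for, as an added example and not code from OVMS3 or its `canformat_gvret.cpp`. The frame layout (4-byte timestamp, 4-byte little-endian ID, one length/bus byte, then payload) and every name below are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CAN_MAX_DLC 8u   /* classic CAN carries at most 8 payload bytes */
#define HDR_LEN     9u   /* assumed layout: 4B timestamp, 4B id, 1B length/bus */

typedef struct {
    uint32_t id;
    uint8_t  bus, dlc;
    uint8_t  data[CAN_MAX_DLC];
} can_frame_t;

enum { PARSE_OK = 0, PARSE_SHORT = -1, PARSE_BAD_LEN = -2 };

/* Parse one frame from untrusted bytes. The length field is checked against
 * both the destination buffer and the bytes actually received before any copy. */
int parse_frame(const uint8_t *buf, size_t avail, can_frame_t *out)
{
    if (avail < HDR_LEN)
        return PARSE_SHORT;
    uint8_t dlc = buf[8] & 0x0F;          /* a 4-bit field can encode 0..15 */
    if (dlc > CAN_MAX_DLC)
        return PARSE_BAD_LEN;             /* would overrun out->data */
    if (avail - HDR_LEN < dlc)
        return PARSE_SHORT;               /* would over-read the input */
    out->id  = (uint32_t)buf[4] | (uint32_t)buf[5] << 8 |
               (uint32_t)buf[6] << 16 | (uint32_t)buf[7] << 24;
    out->bus = buf[8] >> 4;
    out->dlc = dlc;
    memset(out->data, 0, sizeof out->data);
    memcpy(out->data, buf + HDR_LEN, dlc);
    return PARSE_OK;
}

/* Constructed sample input: build a frame with the given length byte, parse it. */
int parse_sample(uint8_t lenbus, size_t avail)
{
    uint8_t buf[HDR_LEN + 15] = {0};
    can_frame_t f;
    if (avail > sizeof buf) avail = sizeof buf;
    buf[4] = 0x23; buf[5] = 0x01;         /* id 0x123 */
    buf[8] = lenbus;
    for (size_t i = 0; i < 15; i++) buf[HDR_LEN + i] = (uint8_t)(0xA0 + i);
    return parse_frame(buf, avail, &f);
}
```

Rejecting the frame outright, rather than clamping the length to 8, keeps a malformed frame from being silently accepted as valid data.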
References
- NIST NVD entry for CVE-2026-37541: https://nvd.nist.gov/vuln/detail/CVE-2026-37541
- Proof-of-concept and technical details: https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381
- Open Vehicle Monitoring System 3 GitHub repository: https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3
- CWE-121: Stack-based Buffer Overflow: https://cwe.mitre.org/data/definitions/121.html