CVE-2026-42799

critical

Published 2026-04-30 · Modified 2026-05-05

CVSS v3

9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

—

VIR risk

9.8

Description

Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. This issue affects Kestrel: before 2026/02/10.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: 68630edc-a58c-4cbd-9b01-0e130455c8ae — https://www.asrmicro.com/en/goods/psirt?cid=44

References

https://www.asrmicro.com/en/goods/psirt?cid=44

CWEs

CWE-125

Verify integrity in audit chain (admin only). AS-IS.