Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
Admesh Up to 0.98.5: Local Heap Overflow Risk
CVE-2026-2653
Summary
A security issue has been found in Admesh versions up to 0.98.5. If exploited, it could allow an attacker with local access to cause the program to crash or potentially execute malicious code. Since the product is no longer actively maintained, it's recommended to consider replacing it with a newer version or alternative software.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| admesh_project | admesh | <= 0.98.5 | – |
Original title
A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl_check_normal_vector of the file src/normals.c. Performing a manipulation results in heap-based buffer...
Original description
A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl_check_normal_vector of the file src/normals.c. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. It looks like this product is not really maintained anymore.
nvd CVSS2.0
4.3
nvd CVSS3.1
7.8
nvd CVSS4.0
4.8
Vulnerability type
CWE-119
Buffer Overflow
CWE-122
Heap-based Buffer Overflow
- https://github.com/admesh/admesh/ Product
- https://github.com/admesh/admesh/issues/65 Issue Tracking
- https://github.com/admesh/admesh/issues/65#issuecomment-3804571402 Issue Tracking
- https://github.com/user-attachments/files/24878279/id.000035.sig.06.src.000550.t... Exploit
- https://vuldb.com/?ctiid.346450 Permissions Required VDB Entry
- https://vuldb.com/?id.346450 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.752596 Third Party Advisory VDB Entry
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026