CVE-2026-10717 PUBLISHED

Open-Seachest/Seachest show SCSI Defect List Vulnerability

Assigner: Seagate
Reserved: 02.06.2026 Published: 02.06.2026 Updated: 03.06.2026

Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of bounds for very large defects lists via a very bad drive with lots of defects or a maliciously crafted SCSI device’s defect response length.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:A/V:D/RE:L/U:Clear
CVSS Score: 1.8

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	Low	Confidentiality	Low
Attack Complexity	High	Integrity	Low	Integrity	Low
Attack Requirements	Present	Availability	Low	Availability	Low
Privileges Required	High
User Interaction	None

CVSS 4.0

Product Status

Package Collection	https://github.com/Seagate/
Package Name	openSeaChest
Versions	Default: unaffected affected from 0 to 25.05.3 (incl.) Version 26.03.0 is affected

CVE-2026-10717 PUBLISHED

Open-Seachest/Seachest show SCSI Defect List Vulnerability

Metrics

Product Status

References

Problem Types

Impacts