CVE-2026-10718 PUBLISHED

Open Seachest/Seachest NVMe Trim (Deallocate) Vulnerability

Assigner: Seagate
Reserved: 02.06.2026 Published: 02.06.2026 Updated: 03.06.2026

Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 bytes outside of the allocated space when running this operation.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green
CVSS Score: 4.6

Product Status

Package Collection https://github.com/Seagate/
Package Name openSeaChest
Versions Default: unaffected
  • affected from 0 to 26.03.0 (incl.)

References

Problem Types

  • CWE-787 Out-of-bounds write CWE

Impacts

  • CAPEC-100 Overflow Buffers