CVE-2026-40446 PUBLISHED

Assigner: samsung.tv_appliance
Reserved: 13.04.2026 Published: 13.04.2026 Updated: 13.04.2026

Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
CVSS Score: 6.9

Attack Vector	Local	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Samsung Open Source
Product	Escargot
Versions	Default: unaffected Version 97e8115ab1110bc502b4b5e4a0c689a71520d335 is affected

Credits

Sebastián Alba Vives / @Sebasteuo reporter

References

https://github.com/Samsung/escargot/pull/1554

Problem Types

CWE-843 Access of resource using incompatible type ('type confusion') CWE

Impacts

CAPEC-129 Pointer Manipulation