CVE-2026-10717

LOW

Open-Seachest/Seachest show SCSI Defect List Vulnerability

Title source: cna

Description

Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of bounds for very large defects lists via a very bad drive with lots of defects or a maliciously crafted SCSI device’s defect response length.

References (2)

Core 2

Core References

https://www.seagate.com/product-security/#security-advisories

https://www.seagate.com/support/software/seachest/

Scores

CVSS v4 1.8

EPSS 0.0010

EPSS Percentile 1.2%

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:L/U:Clear

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-787

Status published

Published Jun 02, 2026

Tracked Since Jun 03, 2026