CVE-2026-10719

LOW

Open Seachest/Seachest NVMe show Format Descriptors Vulnerability

Title source: cna

Description

Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 extra byte outside of allocated memory which sets a value to 1 via a maliciously crafted NVMe device with a bogus value in the namespace FLBAS byte.

References (2)

Core 2

Core References

https://www.seagate.com/product-security/#security-advisories

https://www.seagate.com/support/software/seachest/

Scores

CVSS v4 1.8

EPSS 0.0010

EPSS Percentile 1.2%

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:L/U:Clear

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-787

Status published

Published Jun 02, 2026

Tracked Since Jun 03, 2026