CVE-2026-1188

CRITICAL

Eclipse Omr < 0.8.0 - Buffer Overflow

Title source: rule

Description

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to account for the separator when determining when a write to the buffer was safe could lead to a buffer overflow. This issue is fixed in Eclipse OMR version 0.8.0.

References (1)

[Issue Tracking, Patch] https://github.com/eclipse-omr/omr/pull/8082

Scores

CVSS v3 9.8

EPSS 0.0002

EPSS Percentile 5.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-131 CWE-120

Status published

Affected Products (1)

eclipse/omr < 0.8.0

Timeline

Published Jan 29, 2026

Tracked Since Feb 18, 2026