CVE-2026-3408

MEDIUM

Open Babel <=3.1.1 - Memory Corruption

Title source: llm

Description

A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available and might be used. The name of the patch is e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. It is best practice to apply a patch to resolve this issue.

References (7)

[Permissions Required, VDB Entry] https://vuldb.com/?id.348303

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.348303

[Permissions Required, VDB Entry] https://vuldb.com/?submit.763756

[Issue Tracking] https://github.com/openbabel/openbabel/issues/2848

[Issue Tracking] https://github.com/openbabel/openbabel/pull/2862

[Third Party Advisory] https://github.com/oneafter/0128/blob/main/ob3/repro.cdxml

View Writeup ZIP pw:eip

[Patch] https://github.com/VedantMadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a

View Patch ZIP pw:eip

Scores

CVSS v3 4.3

EPSS 0.0010

EPSS Percentile 26.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-404 CWE-476 CWE-787

Status published

Products (1)

openbabel/open_babel < 3.1.1

Published Mar 02, 2026

Tracked Since Mar 02, 2026