CVE-2026-22903 - Vulnerability Details - OpenCVE

An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wago	0852-1322 0852-1328

No data.

No data.

References

Link	Providers
https://certvde.com/de/advisories/VDE-2026-004

History

Tue, 10 Feb 2026 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wago Wago 0852-1322 Wago 0852-1328
Vendors & Products		Wago Wago 0852-1322 Wago 0852-1328

Mon, 09 Feb 2026 08:00:00 +0000

Type	Values Removed	Values Added
Description		An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.
Title		Stack Overflow via SESSIONID Cookie in lighttpd
Weaknesses		CWE-121
References		https://certvde.com/de/advisories/VDE-2026-004
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2026-02-09T07:39:42.537Z

Updated: 2026-02-09T15:36:36.790Z

Reserved: 2026-01-13T08:33:25.683Z

Link: CVE-2026-22903

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-02-09T08:16:10.103

Modified: 2026-02-09T16:08:35.290

Link: CVE-2026-22903

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22903", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2026-01-13T08:33:25.683Z", "datePublished": "2026-02-09T07:39:42.537Z", "dateUpdated": "2026-02-09T15:36:36.790Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "0852-1322", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "2.64", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "0852-1328", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "2.64", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "0852-1322", "vendor": "WAGO", "versions": [{"status": "affected", "version": "2.64"}]}, {"defaultStatus": "unaffected", "product": "0852-1328", "vendor": "WAGO", "versions": [{"status": "affected", "version": "2.64"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Diconium"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.<br>"}], "value": "An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-02-09T07:39:42.537Z"}, "references": [{"url": "https://certvde.com/de/advisories/VDE-2026-004"}], "source": {"advisory": "VDE-2026-004", "defect": ["CERT@VDE#641934"], "discovery": "UNKNOWN"}, "title": "Stack Overflow via SESSIONID Cookie in lighttpd", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-09T15:36:08.801691Z", "id": "CVE-2026-22903", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:36:36.790Z"}}]}}