{"id":"CVE-2026-50593","details":"Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range.","modified":"2026-07-08T08:13:45.060855455Z","published":"2026-06-05T02:14:33.412Z","related":["SUSE-SU-2026:22063-1","SUSE-SU-2026:22072-1","SUSE-SU-2026:22191-1","SUSE-SU-2026:22225-1","SUSE-SU-2026:2474-1","SUSE-SU-2026:2477-1","SUSE-SU-2026:2478-1","openSUSE-SU-2026:10982-1","openSUSE-SU-2026:21124-1"],"database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/50xxx/CVE-2026-50593.json","cwe_ids":["CWE-191"]},"references":[{"type":"WEB","url":"https://github.com/silnrsi/graphite/compare/1.3.14...1.3.15"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/50xxx/CVE-2026-50593.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-50593"},{"type":"FIX","url":"https://github.com/silnrsi/graphite/commit/ad78c6b7319909e1540c1b134e115ced03417866"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/silnrsi/graphite","events":[{"introduced":"0"},{"fixed":"ca8d821e60a15b6c24e404c9086992c975d8e1cf"},{"fixed":"ad78c6b7319909e1540c1b134e115ced03417866"}],"database_specific":{"source":["DESCRIPTION","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"1.3.15"}]}}],"versions":["1.3.14","1.3.13","1.3.12","1.3.11","1.3.9","1.3.8","1.3.7","1.3.6","1.3.5","1.3.4","1.3.3","1.3.2","1.3.1","1.3.0","1.2.4","1.2.3","1.2.2","1.2.1","1.0.1","0.9.4","0.9.3","r0.9.1","Release_0.9","base"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-50593.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H"}]}