{"id":"PYSEC-2026-5","details":"A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl_check_normal_vector of the file src/normals.c. Performing a manipulation results in a heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. It looks like this product is not really maintained anymore.","aliases":["CVE-2026-2653"],"modified":"2026-05-20T09:18:50.799037Z","published":"2026-02-18T11:16:32.770Z","references":[{"type":"WEB","url":"https://github.com/admesh/admesh/"},{"type":"ADVISORY","url":"https://vuldb.com/?id.346450"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.752596"},{"type":"REPORT","url":"https://github.com/admesh/admesh/issues/65"},{"type":"REPORT","url":"https://github.com/admesh/admesh/issues/65#issuecomment-3804571402"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.346450"},{"type":"EVIDENCE","url":"https://github.com/user-attachments/files/24878279/id.000035.sig.06.src.000550.time.910126.execs.241742.op.havoc.rep.5.zip"}],"affected":[{"package":{"name":"admesh","ecosystem":"PyPI","purl":"pkg:pypi/admesh"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.98.6"}]}],"versions":["0.96","0.98","0.98.1","0.98.2","0.98.3","0.98.4","0.98.5","0.98a1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/admesh/PYSEC-2026-5.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}