CVE-2026-10066

Summary

A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.

Affected Software

VendorProductVersion RangeStatus
ShibbyTomato1.0affected
ShibbyTomato1.1affected
ShibbyTomato1.2affected
ShibbyTomato1.3affected
ShibbyTomato1.4affected
ShibbyTomato1.5affected
ShibbyTomato1.6affected
ShibbyTomato1.7affected
ShibbyTomato1.8affected
ShibbyTomato1.9affected
ShibbyTomato1.10affected
ShibbyTomato1.11affected
ShibbyTomato1.12affected
ShibbyTomato1.13affected
ShibbyTomato1.14affected
ShibbyTomato1.15affected
ShibbyTomato1.16affected
ShibbyTomato1.17affected
ShibbyTomato1.18affected
ShibbyTomato1.19affected
ShibbyTomato1.20affected
ShibbyTomato1.21affected
ShibbyTomato1.22affected
ShibbyTomato1.23affected
ShibbyTomato1.24affected
ShibbyTomato1.25affected
ShibbyTomato1.26affected
ShibbyTomato1.27affected
ShibbyTomato1.28affected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References