{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-6839","assignerOrgId":"ca193ba2-0cff-4e34-b04e-1ea07103c6fe","state":"PUBLISHED","assignerShortName":"samsung.tv_appliance","dateReserved":"2026-04-22T06:03:50.823Z","datePublished":"2026-04-22T06:07:06.857Z","dateUpdated":"2026-04-22T12:30:25.364Z"},"containers":{"cna":{"providerMetadata":{"orgId":"ca193ba2-0cff-4e34-b04e-1ea07103c6fe","shortName":"samsung.tv_appliance","dateUpdated":"2026-04-22T06:07:06.857Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-1284","description":"CWE-1284 Improper validation of specified quantity in input","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-153","descriptions":[{"lang":"en","value":"CAPEC-153 Input Data Manipulation"}]}],"affected":[{"vendor":"Samsung Open Source","product":"ONE","versions":[{"status":"affected","version":"1.30.0"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE\nAffected version is prior to commit  1.30.0.","supportingMedia":[{"type":"text/html","base64":false,"value":"Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE<br>Affected version is prior to commit  1.30.0."}]}],"references":[{"url":"https://github.com/Samsung/ONE/pull/16481"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH","baseSeverity":"MEDIUM","baseScore":6.6,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.1"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-22T12:29:51.595229Z","id":"CVE-2026-6839","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-22T12:30:25.364Z"}}]}}