{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/space/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["NASA Core Flight System (cFS) Health \u0026 Safety (HS) Application"],"_cs_severities":["medium"],"_cs_tags":["cve","vulnerability","denial-of-service","ics","space","transportation"],"_cs_type":"threat","_cs_vendors":["NASA"],"content_html":"\u003cp\u003eA significant vulnerability, identified as CVE-2026-15352, has been discovered in NASA's Core Flight System (cFS) Health \u0026amp; Safety (HS) Application. This flaw, present in versions prior to v7.0.1, is a NULL Pointer Dereference (CWE-476) that can be triggered when the application processes a routine Housekeeping Telemetry request. Successful exploitation by an unauthenticated attacker results in a segmentation fault, causing the application to crash and leading to a denial-of-service condition. This vulnerability is particularly critical as the cFS HS Application is deployed worldwide and is integral to Transportation Systems, making affected systems susceptible to significant operational disruption. There is no public information about active exploitation of this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker sends a specially crafted Housekeeping Telemetry request to a vulnerable NASA Core Flight System (cFS) Health \u0026amp; Safety (HS) Application instance (versions prior to v7.0.1).\u003c/li\u003e\n\u003cli\u003eThe application receives and attempts to process the malformed telemetry request.\u003c/li\u003e\n\u003cli\u003eDuring this processing, a NULL Pointer Dereference occurs within the application's code, leading to CVE-2026-15352.\u003c/li\u003e\n\u003cli\u003eThe NULL Pointer Dereference triggers a segmentation fault within the application's process.\u003c/li\u003e\n\u003cli\u003eThe segmentation fault causes the cFS Health \u0026amp; Safety Application to crash unexpectedly.\u003c/li\u003e\n\u003cli\u003eThe application's crash results in a denial-of-service condition, rendering the affected instance inoperable.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-15352 leads directly to a denial-of-service condition, causing the NASA Core Flight System (cFS) Health \u0026amp; Safety (HS) Application to crash. This can result in the loss of critical health monitoring and safety functions for affected systems. Given its deployment in critical infrastructure sectors, particularly Transportation Systems worldwide, such disruptions could have severe operational consequences, compromising the reliability and safety of space and aeronautical missions or related ground control systems. The direct impact is service unavailability, which could cascade into broader system failures depending on the specific integration and operational context.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-15352 immediately by updating all instances of the NASA Core Flight System (cFS) Health \u0026amp; Safety (HS) Application to v7.0.1 or later using the official release from \u003ccode\u003ehttps://github.com/nasa/HS/releases/tag/v7.0.1\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eImplement strict network segmentation and firewall rules to minimize network exposure for all control system devices and systems, ensuring that \u003ccode\u003eNASA Core Flight System (cFS) Health \u0026amp; Safety (HS) Application\u003c/code\u003e instances are not directly accessible from the internet.\u003c/li\u003e\n\u003cli\u003eWhen remote access to \u003ccode\u003eNASA Core Flight System (cFS) Health \u0026amp; Safety (HS) Application\u003c/code\u003e is required, use secure methods such as Virtual Private Networks (VPNs) and ensure VPNs are updated to the most current version available.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-16T16:13:24Z","date_published":"2026-07-16T16:13:24Z","id":"https://feed.craftedsignal.io/briefs/2026-07-nasa-cfs-hs-vulnerability/","summary":"A high-severity denial-of-service vulnerability, CVE-2026-15352, affects NASA Core Flight System (cFS) Health \u0026 Safety (HS) Application versions prior to v7.0.1, allowing an unauthenticated attacker to crash the application via a crafted Housekeeping Telemetry request, leading to service disruption in critical infrastructure sectors like Transportation Systems.","title":"NASA Core Flight System Health \u0026 Safety Application Denial-of-Service Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-07-nasa-cfs-hs-vulnerability/"}],"language":"en","title":"CraftedSignal Threat Feed - Space","version":"https://jsonfeed.org/version/1.1"}