CVE-2026-36908
Vexday Risk Score
33 · Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 5.5 · EPSS 0.1% · KEV no · PoC public · Nuclei — · Metasploit — · Patch —
Lifecycle
26 Jun 2026 · Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A stack overflow in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of axiomatic-systems Bento4 before v1.8.9 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected products
n/a · n/a
Public PoCs found — 1
cve_reference · github.com/z1r00/fuzz_vuln/blob/main/Bento4/mp42aac/poc4.zip · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.