{"cve":{"cve_id":"CVE-2021-26635","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.01095,"epss_percentile":0.61239,"epss_as_of":"2026-06-23","description":"In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution.","published_at":"2022-06-01T15:04:52Z","last_modified_at":null,"cvss_v3_score":7.8,"cvss_v3_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-121"],"nvd_references":["https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:15:19.041334Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"bandisoft-international-inc.","vendor_name":"Bandisoft International Inc.","product_slug":"ark-library","product_name":"ark library","version_start":"unspecified","version_start_inclusive":true,"version_end":"7.17","version_end_inclusive":true,"cpe23_uri":"cve5:bandisoft-international-inc.:ark-library:unspecified:7.17"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2022-06-01T15:04:52Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:05:45.587354Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:05:45.587354Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:05:45.587354Z","label":"CVSS score revised","source":"cvelistv5"}]}