CVE-2026-20777

HighPublic PoC

Published: 03 March 2026

Published

03 March 2026

Modified

05 March 2026

KEV Added

—

Patch

—

CVSS Score 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0018 39.3th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file…

to trigger this vulnerability.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the known heap-based buffer overflow in libbiosig's WFT parsing by requiring timely identification, reporting, and correction of the flaw.

SI-16 Memory Protection good match

prevent

Implements memory protections such as address space randomization and non-executable memory to prevent arbitrary code execution from heap buffer overflows triggered by crafted .wft files.

SI-10 Information Input Validation good match

prevent

Requires validation of .wft file inputs to the libbiosig parser to reject specially crafted files that would trigger the buffer overflow vulnerability.

Security SummaryAI

A heap-based buffer overflow vulnerability, tracked as CVE-2026-20777 and published on 2026-03-03, affects the Nicolet WFT parsing functionality in The Biosig Project's libbiosig version 3.9.2 and the master branch at commit db9a9a63. This flaw, classified under CWE-122, carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Processing a specially crafted .wft file triggers the overflow, potentially leading to arbitrary code execution.

Remote attackers require no privileges or user interaction but must craft a file with high complexity to exploit this over a network. Successful exploitation grants high confidentiality, integrity, and availability impacts, enabling full arbitrary code execution in the context of the affected libbiosig process.

Mitigation details are available in the associated advisories from Talos Intelligence, referenced at https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362 and https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2362.

Details

CWE(s): CWE-122

Affected Products

libbiosig project

libbiosig

3.9.2

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

Why these techniques?

Heap-based buffer overflow triggered by parsing a crafted .wft file enables arbitrary code execution, directly mapping to Exploitation for Client Execution (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362
Exploit, Third Party Advisory · talos-cna@cisco.com
https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2362
Exploit, Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108