CVE-2026-8363
Published: 27 May 2026
Summary
CVE-2026-8363 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack buffer overflow triggered by long URL path enables remote code execution against a network service (CWE-121, CVSS 9.8).
NVD Description
A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:
Deeper analysisAI
Automated synthesis unavailable for this CVE.
Details
- CWE(s)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-32642
Regulatory context (EU CRA / NIS2 / DORA / UK NIS Regulations)
EU Cyber Resilience Act — coordinated disclosure
Critical and high-severity vulnerabilities in products with digital elements may trigger coordinated-disclosure obligations under the EU Cyber Resilience Act (CRA, Regulation 2024/2847). Manufacturers placing products on the EU market must notify ENISA and the relevant CSIRTs without undue delay once active exploitation is known.