{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T16:34:04.100","vulnerabilities":[{"cve":{"id":"CVE-2026-22903","sourceIdentifier":"info@cert.vde.com","published":"2026-02-09T08:16:10.103","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections."},{"lang":"es","value":"Un atacante remoto no autenticado puede enviar una solicitud HTTP manipulada que contiene una cookie SESSIONID excesivamente larga. Esto puede desencadenar un desbordamiento de búfer de pila en el servidor lighttpd modificado, lo que provoca su caída y potencialmente permite la ejecución remota de código debido a la falta de protecciones de pila."}],"metrics":{"cvssMetricV31":[{"source":"info@cert.vde.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"info@cert.vde.com","type":"Primary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://certvde.com/de/advisories/VDE-2026-004","source":"info@cert.vde.com"}]}}]}