CVE-2026-10718 - Vulnerability Details - OpenCVE

Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 bytes outside of the allocated space when running this operation.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Seagate	Open Seachest

No data.

No data.

References

Link	Providers
https://www.seagate.com/product-security/#security-advisories
https://www.seagate.com/support/software/seachest/

History

Wed, 03 Jun 2026 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 03 Jun 2026 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Seagate Seagate open Seachest
Vendors & Products		Seagate Seagate open Seachest

Wed, 03 Jun 2026 02:30:00 +0000

Type	Values Removed	Values Added
Description		Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 bytes outside of the allocated space when running this operation.
Title		Open Seachest/Seachest NVMe Trim (Deallocate) Vulnerability
Weaknesses		CWE-787
References		https://www.seagate.com/product-security/#security-advisories https://www.seagate.com/support/software/seachest/
Metrics		cvssV4_0 `{'score': 4.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green'}`

MITRE

Status: PUBLISHED

Assigner: Seagate

Published: 2026-06-02T22:19:40.813Z

Updated: 2026-06-03T13:06:43.250Z

Reserved: 2026-06-02T22:16:26.474Z

Link: CVE-2026-10718

Vulnrichment

Updated: 2026-06-03T13:05:19.980Z

NVD

Status : Received

Published: 2026-06-02T23:16:35.157

Modified: 2026-06-02T23:16:35.157

Link: CVE-2026-10718

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-10718", "assignerOrgId": "c6156efd-4bd0-48d7-8520-680200527478", "state": "PUBLISHED", "assignerShortName": "Seagate", "dateReserved": "2026-06-02T22:16:26.474Z", "datePublished": "2026-06-02T22:19:40.813Z", "dateUpdated": "2026-06-03T13:06:43.250Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c6156efd-4bd0-48d7-8520-680200527478", "shortName": "Seagate", "dateUpdated": "2026-06-02T22:19:40.813Z"}, "title": "Open Seachest/Seachest NVMe Trim (Deallocate) Vulnerability", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds write", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "affected": [{"collectionURL": "https://github.com/Seagate/", "packageName": "openSeaChest", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "26.03.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Out of bounds write in openSeaChest\u2019s Trim/Unmap operation in Seagate\u2019s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 bytes outside of the allocated space when running this operation.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Out of bounds write in openSeaChest\u2019s Trim/Unmap operation in Seagate\u2019s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 bytes outside of the allocated space when running this operation."}]}], "references": [{"url": "https://www.seagate.com/product-security/#security-advisories"}, {"url": "https://www.seagate.com/support/software/seachest/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NEGLIGIBLE", "Automatable": "YES", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "LOW", "providerUrgency": "GREEN", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 4.6, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-03T13:05:10.627663Z", "id": "CVE-2026-10718", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-03T13:06:43.250Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-10718", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-03T13:05:10.627663Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-03T13:05:19.980Z"}}], "cna": {"title": "Open Seachest/Seachest NVMe Trim (Deallocate) Vulnerability", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 4.6, "Automatable": "YES", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "26.03.0"}], "packageName": "openSeaChest", "collectionURL": "https://github.com/Seagate/", "defaultStatus": "unaffected"}], "references": [{"url": "https://www.seagate.com/product-security/#security-advisories"}, {"url": "https://www.seagate.com/support/software/seachest/"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "Out of bounds write in openSeaChest\u2019s Trim/Unmap operation in Seagate\u2019s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 bytes outside of the allocated space when running this operation.", "supportingMedia": [{"type": "text/html", "value": "Out of bounds write in openSeaChest\u2019s Trim/Unmap operation in Seagate\u2019s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 bytes outside of the allocated space when running this operation.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds write"}]}], "providerMetadata": {"orgId": "c6156efd-4bd0-48d7-8520-680200527478", "shortName": "Seagate", "dateUpdated": "2026-06-02T22:19:40.813Z"}}}, "cveMetadata": {"cveId": "CVE-2026-10718", "state": "PUBLISHED", "dateUpdated": "2026-06-03T13:06:43.250Z", "dateReserved": "2026-06-02T22:16:26.474Z", "assignerOrgId": "c6156efd-4bd0-48d7-8520-680200527478", "datePublished": "2026-06-02T22:19:40.813Z", "assignerShortName": "Seagate"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out of bounds write in openSeaChest\u2019s Trim/Unmap operation in Seagate\u2019s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 bytes outside of the allocated space when running this operation."}], "id": "CVE-2026-10718", "lastModified": "2026-06-02T23:16:35.157", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "GREEN", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Green", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "source": "c6156efd-4bd0-48d7-8520-680200527478", "type": "Secondary"}]}, "published": "2026-06-02T23:16:35.157", "references": [{"source": "c6156efd-4bd0-48d7-8520-680200527478", "url": "https://www.seagate.com/product-security/#security-advisories"}, {"source": "c6156efd-4bd0-48d7-8520-680200527478", "url": "https://www.seagate.com/support/software/seachest/"}], "sourceIdentifier": "c6156efd-4bd0-48d7-8520-680200527478", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "c6156efd-4bd0-48d7-8520-680200527478", "type": "Secondary"}]}