CVE-2026-2705

Source
https://cve.org/CVERecord?id=CVE-2026-2705
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-2705.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-2705
Published
2026-02-19T05:02:07.101Z
Modified
2026-06-18T19:53:41.592078Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
Summary
Open Babel MOL2 File atom.h SetFormalCharge out-of-bounds
Details

A vulnerability was detected in Open Babel up to 3.1.1. The affected element is the function OBAtom::SetFormalCharge in the header include/openbabel/atom.h, part of the MOL2 File Handler component. Manipulation results in an out-of-bounds read. The attack can be launched remotely. The exploit is now public and may be used. The patch is identified as e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a, and it should be applied to remediate this issue. The project was informed of the problem early through an issue report but has not responded yet.

Database specific
{
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-119",
        "CWE-125"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/2xxx/CVE-2026-2705.json"
}

Affected packages

Git / github.com/vedantmadane/openbabel

Affected ranges

Type
GIT
Repo
https://github.com/vedantmadane/openbabel
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:openbabel:open_babel:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.1.1"
        }
    ]
}

Affected versions

Other
openbabel-3-0-0
openbabel-3-0-0a1
openbabel-3-0-0a2
openbabel-3-1-0
openbabel-3-1-1

Database specific

vanir_signatures
[
    {
        "digest": {
            "function_hash": "30010962304116138080607436319469699538",
            "length": 8741.0
        },
        "id": "CVE-2026-2705-01bc6dd8",
        "signature_type": "Function",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/vedantmadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a",
        "target": {
            "file": "src/formats/mol2format.cpp",
            "function": "MOL2Format::ReadMolecule"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "217684272962877016414138833642465327871",
                "281597259995795846860484565484922236444",
                "67944802873645976870685274386029446693",
                "284286721701357702013437237273380090033",
                "242538309816058351042879703787182903972"
            ]
        },
        "id": "CVE-2026-2705-0f76489d",
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/vedantmadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a",
        "target": {
            "file": "src/formats/xml/cdxmlformat.cpp"
        }
    },
    {
        "digest": {
            "function_hash": "119405193706058877749533351361322555021",
            "length": 1251.0
        },
        "id": "CVE-2026-2705-33bca003",
        "signature_type": "Function",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/vedantmadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a",
        "target": {
            "file": "src/math/transform3d.cpp",
            "function": "transform3d::DescribeAsString"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "74714072063425806463116978712476486227",
                "26720173946644870887389989496423085704",
                "17720890902694951893861370958398576869",
                "241071117686927028701713811667404671016",
                "310400835440742988261621149033241726729",
                "223347280846511975360235714746911352592",
                "113071542473268934638868109943538653392"
            ]
        },
        "id": "CVE-2026-2705-a7c7b4f1",
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/vedantmadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a",
        "target": {
            "file": "src/formats/mol2format.cpp"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "126791517391950924350933049496851609362",
                "273447677231502680745093624288136141499",
                "122020157048298215120106090724374946668",
                "106789864566273743879341108317849902974",
                "40275149034654090481755797826856792854"
            ]
        },
        "id": "CVE-2026-2705-b63644bb",
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/vedantmadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a",
        "target": {
            "file": "src/math/transform3d.cpp"
        }
    },
    {
        "digest": {
            "function_hash": "76514931888117891657624299142639965215",
            "length": 650.0
        },
        "id": "CVE-2026-2705-f94e2ea9",
        "signature_type": "Function",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/vedantmadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a",
        "target": {
            "file": "src/formats/xml/cdxmlformat.cpp",
            "function": "ChemDrawXMLFormat::EndElement"
        }
    }
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-2705.json"
vanir_signatures_modified
"2026-06-18T19:53:41Z"