CVE-2026-2705

low-risk

Published 2026-02-19

A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom::SetFormalCharge in the library include/openbabel/atom.h of the component MOL2 File Handler. The manipulation results in out-of-bounds read. It is possible to launch the attack remotely. The exploit is now public and may be used. The patch is identified as e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. A patch should be applied to remediate this issue. The project was informed of the problem early through an issue report but has not responded yet.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Open Babel

Affected Vendors

Openbabel

References (7)

https://github.com/VedantMadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb...

Exploit https://github.com/oneafter/0128/blob/main/ob2/repro.mol2

Exploit https://github.com/openbabel/openbabel/issues/2848

https://github.com/openbabel/openbabel/pull/2862

Permissions Required https://vuldb.com/?ctiid.346651

Third Party Advisory https://vuldb.com/?id.346651

Third Party Advisory https://vuldb.com/?submit.754379

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal