CVE-2021-26826 — Out-of-bounds Write in Godot Engine

CWE-787 — Out-of-bounds Write7 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.6%

top 29.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Godotengine Godot Godotengine Godot Engine

Timeline

PublishedFeb 8

Latest updateJun 18

Description

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Debiangodotengine/godot< 3.5.1-stable-1

▶NVDgodotengine/godot_engine3.2

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

godot vulnerabilities↗2025-06-18

▶

GHSA

GHSA-fcrr-6fjg-7jpj: A stack overflow issue exists in Godot Engine up to v3↗2022-05-24

▶

OSV

CVE-2021-26826: A stack overflow issue exists in Godot Engine up to v3↗2021-02-08

▶

CVEList

CVE-2021-26826: A stack overflow issue exists in Godot Engine up to v3↗2021-02-08

▶

📋Vendor Advisories

Ubuntu

Godot Engine vulnerabilities↗2025-06-18

▶

Debian

CVE-2021-26826: godot - A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improp...↗2021

▶