The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2026-2653

CVE-2026-2653: ADMesh Buffer Overflow Vulnerability

CVE-2026-2653 is a heap-based buffer overflow flaw in ADMesh up to version 0.98.5 affecting the stl_check_normal_vector function. This post covers technical details, affected versions, attack vectors, and mitigation.

Published: February 20, 2026

CVE-2026-2653 Overview

A heap-based buffer overflow vulnerability has been discovered in ADMesh, an open-source library and command-line tool for manipulating STL (Stereolithography) mesh files. The flaw exists in the stl_check_normal_vector function within the src/normals.c file, affecting versions up to and including 0.98.5. Successful exploitation of this vulnerability requires local access and could allow an attacker to corrupt heap memory, potentially leading to application crashes or arbitrary code execution.

Critical Impact

This heap-based buffer overflow vulnerability in ADMesh could be exploited by local attackers to corrupt memory and potentially execute arbitrary code. The exploit has been publicly released, and the product appears to be unmaintained, increasing the risk for organizations still using this software.

Affected Products

  • ADMesh versions up to and including 0.98.5
  • Applications and systems that integrate ADMesh library for STL file processing
  • 3D printing and CAD/CAM workflows utilizing ADMesh

Discovery Timeline

  • 2026-02-18 - CVE-2026-2653 published to NVD
  • 2026-02-18 - Last updated in NVD database

Technical Details for CVE-2026-2653

Vulnerability Analysis

This vulnerability is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). The flaw resides in the stl_check_normal_vector function in src/normals.c, which processes normal vector data during STL file operations. When handling specially crafted input, the function fails to properly validate buffer boundaries, allowing heap memory to be overwritten beyond allocated bounds.

The vulnerability requires local access for exploitation, meaning an attacker needs to either have direct access to the system or convince a user to process a malicious STL file. The public disclosure of this vulnerability, combined with the apparent lack of maintenance for the ADMesh project, creates a concerning situation for users who depend on this software for 3D mesh processing workflows.

Root Cause

The root cause of this vulnerability is insufficient boundary checking in the stl_check_normal_vector function when processing normal vector calculations for STL mesh data. The function does not adequately validate array indices or buffer sizes before performing write operations, allowing memory corruption when processing malformed input. This is a classic example of unsafe memory handling in C code where bounds validation is left to the developer rather than enforced by the language.

Attack Vector

The attack vector is local, requiring the attacker to either have direct access to the system or to craft a malicious STL file that triggers the vulnerability when processed by ADMesh. The vulnerability can be triggered through manipulation of input data that causes the stl_check_normal_vector function to write beyond the allocated heap buffer.

The vulnerability manifests when ADMesh processes specially crafted STL files containing malformed normal vector data. When the stl_check_normal_vector function in src/normals.c processes this data, improper boundary validation allows heap memory corruption. Researchers have documented this issue in GitHub Issue #65, which includes technical details and a proof-of-concept file for reproduction. The VulDB entry provides additional vulnerability intelligence.

Detection Methods for CVE-2026-2653

Indicators of Compromise

  • Unexpected crashes or segmentation faults when ADMesh processes STL files
  • Memory corruption errors in application logs related to ADMesh operations
  • Presence of suspicious or unexpectedly large STL files in processing directories
  • Abnormal memory usage patterns when ADMesh is invoked

Detection Strategies

  • Monitor process execution for ADMesh (admesh binary) and log all file arguments passed to it
  • Implement file integrity monitoring on directories where STL files are stored and processed
  • Deploy endpoint detection to identify heap corruption or buffer overflow attempts
  • Review application logs for abnormal termination of ADMesh-related processes

Monitoring Recommendations

  • Enable enhanced logging for applications that integrate with ADMesh library
  • Monitor for suspicious STL file uploads or transfers to systems running ADMesh
  • Set up alerts for repeated crashes of processes utilizing ADMesh functionality
  • Implement memory protection features (ASLR, DEP) and monitor for bypass attempts

How to Mitigate CVE-2026-2653

Immediate Actions Required

  • Audit systems and applications to identify all instances of ADMesh usage
  • Restrict access to ADMesh processing to trusted users and automated workflows only
  • Implement strict input validation on all STL files before processing with ADMesh
  • Consider migrating to actively maintained alternative STL processing libraries

Patch Information

As of the last NVD update on 2026-02-18, no official patch has been released for this vulnerability. The ADMesh project appears to be unmaintained based on the CVE description. Users are advised to monitor the ADMesh GitHub repository for any potential community-contributed fixes or to evaluate alternative software solutions. The GitHub Issue #65 contains additional technical discussion regarding this vulnerability.

Workarounds

  • Isolate ADMesh operations within sandboxed or containerized environments to limit potential impact
  • Implement strict file validation and sanitization for all STL files before processing
  • Run ADMesh processes with minimal privileges using principle of least privilege
  • Consider using alternative, actively maintained STL processing tools such as OpenSCAD or MeshLab for critical operations
bash
# Configuration example: Run ADMesh in restricted sandbox environment
# Create dedicated user with minimal privileges
useradd -r -s /bin/false admesh_user

# Run ADMesh in sandboxed environment with limited permissions
firejail --private --net=none --noprofile \
  sudo -u admesh_user admesh input.stl -o output.stl

# Alternative: Use Docker container isolation
docker run --rm --read-only -v /data/input:/input:ro -v /data/output:/output \
  admesh-container admesh /input/file.stl -o /output/result.stl

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeBuffer Overflow
  • Vendor/TechAdmesh
  • SeverityMEDIUM
  • CVSS Score4.8
  • EPSS Probability0.01%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityLow
  • CWE References
  • CWE-119
  • Technical References
  • GitHub Project Repository
  • GitHub Issue #65
  • GitHub Issue Comment
  • GitHub Attachment File
  • VulDB CTIID #346450
  • VulDB #346450
  • VulDB Submission #752596
  • Latest CVEs
  • CVE-2025-70797: LimeSurvey XSS Vulnerability
  • CVE-2025-30650: Juniper Junos OS Auth Bypass Vulnerability
  • CVE-2026-35471: Goshs Path Traversal Vulnerability
  • CVE-2026-35393: Goshs Path Traversal Vulnerability
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English