CVE•Published 2026-01-07•Modified 2026-05-26•0 articles on news•7 live references•NVD data

CVE-2026-22190Cmu · Panda3d

Vulnerability data via NVD (ingested)

CVSS v3.1

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS percentile

Exploit Prediction Scoring System · top 84% of all CVEs

Weaknesses (CWE)

CWE-134Use of Externally-Controlled Format String

Description

The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied. If an attacker provides additional format specifiers, egg-mkfont may read unintended stack values and write the formatted output into generated .egg and .png files, resulting in disclosure of stack-resident memory and pointer values.

Timeline

Published 2026-01-07

Modified 2026-05-26

External references

NVD MITRE Exploit-DB GitHub PoC Sploitus trickest/cve VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common). Live host counts are a Premium feature.

Shodan · vuln tag

vuln:CVE-2026-22190

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · product

product:"Cmu Panda3d"

All exposed Cmu Panda3d instances — cross-reference with the CVE's affected-version range.

Shodan · banner/body mention

http.html:"Panda3d"

HTTP body or banner mentions "Panda3d" — catches deploys Shodan didn't identify as a product.

More intel sources (5)

Shodan report

vuln:CVE-2026-22190