CVE-2026-22190

EUVD-2026-1163

07.01.2026, 21:16

Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied. If an attacker provides additional format specifiers, egg-mkfont may read unintended stack values and write the formatted output into generated .egg and .png files, resulting in disclosure of stack-resident memory and pointer values.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 15%

Affected Products (NVD)

Vendor	Product	Version
cmu	panda3d	𝑥 ≤ 1.10.16

𝑥

= Vulnerable software versions

Known Exploits!

https://seclists.org/fulldisclosure/2026/Jan/11

Common Weakness Enumeration

CWE-134 - Use of Externally-Controlled Format String
The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

References

https://github.com/panda3d/panda3d

https://seclists.org/fulldisclosure/2026/Jan/11

https://www.panda3d.org/

https://www.vulncheck.com/advisories/panda3d-egg-mkfont-format-string-information-disclosure