


Perceptive Security
SOC/SIEM Consultancy

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a…
Published: 9 January 2026 at 23:00:00
Alert date: 10 January 2026 at 13:10:58
Source: nvd.nist.gov
CVE-2026-21897 affects NASA's CryptoLib, a software solution for securing spacecraft communications using CCSDS Space Data Link Security Protocol. The vulnerability exists in the Crypto_Config_Add_Gvcid_Managed_Parameters function prior to version 1.4.3, where improper boundary checking allows writing past the end of an array. This causes an out-of-bounds write that overwrites the gvcid_counter variable with arbitrary values, potentially affecting parameter lookup and registration logic. The issue impacts communications security between spacecraft running core Flight System (cFS) and ground stations. The vulnerability has been patched in version 1.4.3.
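A simplified model of the bug class described above, added here as an illustration and not taken from CryptoLib: a fixed-size table with its counter stored directly after it, registered through a flawed and a corrected bounds check. The names, the table size, the memory layout and the off-by-one form of the flawed check are all assumptions; the description above only says the boundary check was improper.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_ENTRIES 4u               /* assumed table size, not CryptoLib's */
#define COUNTER_SLOT MAX_ENTRIES     /* counter stored right after the table */

/* Flat model of adjacent memory: slots 0..3 hold entries, slot 4 is the
 * counter. One array keeps the overrun inside defined C behaviour. */
typedef struct { uint32_t mem[MAX_ENTRIES + 1]; } model_t;

static uint32_t count(const model_t *m) { return m->mem[COUNTER_SLOT]; }

/* Flawed check (assumed off-by-one): lets index == MAX_ENTRIES through. */
int add_flawed(model_t *m, uint32_t value)
{
    uint32_t idx = count(m);
    if (idx > MAX_ENTRIES) return -1;    /* should be >= */
    m->mem[idx] = value;                 /* idx == 4 overwrites the counter */
    m->mem[COUNTER_SLOT]++;
    return 0;
}

/* Corrected check: reject as soon as the table is full. */
int add_checked(model_t *m, uint32_t value)
{
    uint32_t idx = count(m);
    if (idx >= MAX_ENTRIES) return -1;
    m->mem[idx] = value;
    m->mem[COUNTER_SLOT] = idx + 1;
    return 0;
}

/* Fill the table, register one extra entry, return the counter afterwards. */
uint32_t counter_after_extra(int (*add)(model_t *, uint32_t), uint32_t extra, int *rc)
{
    model_t m = {{0}};
    for (uint32_t i = 0; i < MAX_ENTRIES; i++) add(&m, 100u + i);
    *rc = add(&m, extra);
    return count(&m);
}

int main(void)
{
    int rc;
    uint32_t c = counter_after_extra(add_flawed, 0xDEADu, &rc);   /* constructed value */
    printf("flawed:  rc=%d counter=%u (table holds %u)\n", rc, (unsigned)c, (unsigned)MAX_ENTRIES);
    c = counter_after_extra(add_checked, 0xDEADu, &rc);
    printf("checked: rc=%d counter=%u\n", rc, (unsigned)c);
    return 0;
}
```

In the flawed path the extra registration reports success while the counter no longer matches the table size, which is why later lookups and registrations that trust the counter are affected.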
Affected products:
NASA CryptoLib
core Flight System
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-21897
https://github.com/nasa/CryptoLib/releases/tag/v1.4.3
https://github.com/nasa/CryptoLib/security/advisories/GHSA-9x7j-gx23-7m5r
This article was created with the assistance of AI technology by Perceptive.
