Common Weakness Enumeration

CWE-122

Allowed

Heap-based Buffer Overflow

Abstraction: Variant · Status: Draft

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

4111 vulnerabilities reference this CWE, most recent first.

CVE-2026-20777 (GCVE-0-2026-20777)

Vulnerability from cvelistv5 – Published: 2026-03-03 14:32 – Updated: 2026-03-03 15:17
VLAI
Summary
A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
The Biosig Project libbiosig Affected: 3.9.2
Affected: Master Branch (db9a9a63)
Create a notification for this product.
Credits
Discovered by Mark Bereza and Lilith >_> of Cisco Talos.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20777",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-03T15:13:53.561647Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-03T15:14:07.474Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-03-03T15:17:02.898Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2362"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libbiosig",
          "vendor": "The Biosig Project",
          "versions": [
            {
              "status": "affected",
              "version": "3.9.2"
            },
            {
              "status": "affected",
              "version": "Master Branch (db9a9a63)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Discovered by Mark Bereza and Lilith \u0026gt;_\u0026gt; of Cisco Talos."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-03T14:32:14.987Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362",
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2026-20777",
    "datePublished": "2026-03-03T14:32:14.987Z",
    "dateReserved": "2026-01-28T12:55:18.367Z",
    "dateUpdated": "2026-03-03T15:17:02.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20766 (GCVE-0-2026-20766)

Vulnerability from cvelistv5 – Published: 2026-04-27 23:45 – Updated: 2026-04-28 14:39
VLAI
Title
Milesight Cameras Heap-based Buffer Overflow
Summary
An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Milesight MS-Cxx63-PD Affected: 0 , ≤ 51.7.0.77-r12 (custom)
Create a notification for this product.
Milesight MS-Cxx64-xPD Affected: 0 , ≤ 51.7.0.77-r12 (custom)
Create a notification for this product.
Milesight MS-Cxx73-xPD Affected: 0 , ≤ 51.7.0.77-r12 (custom)
Create a notification for this product.
Milesight MS-Cxx75-xxPD Affected: 0 , ≤ 51.7.0.77-r12 (custom)
Create a notification for this product.
Milesight MS-Cxx83-xPD Affected: 0 , ≤ 51.7.0.77-r12 (custom)
Create a notification for this product.
Milesight MS-Cxx74-PA Affected: 0 , ≤ 3x.8.0.3-r11 (custom)
Create a notification for this product.
Milesight MS-C8477-HPG1 Affected: 0 , ≤ 63.8.0.4-r3 (custom)
Create a notification for this product.
Milesight MS-C8477-PC Affected: 0 , ≤ 48.8.0.4-r3 (custom)
Create a notification for this product.
Milesight MS-C5321-FPE Affected: 0 , ≤ 62.8.0.4-r5 (custom)
Create a notification for this product.
Milesight MS-Cxx72-xxxPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx62-xxxPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx52-xxxPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx66-xxxPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx66-xxxGPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx61-xxxPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx67-xxxPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx71-xxxPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx41-xxxPE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx76-PE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx65-PE Affected: 0 , ≤ 61.8.0.5-r2 (custom)
Create a notification for this product.
Milesight MS-Cxx66-xxxG1 Affected: 0 , ≤ 63.8.0.5-r3 (custom)
Create a notification for this product.
Milesight MS-Cxx62-xxxG1 Affected: 0 , ≤ 63.8.0.5-r3 (custom)
Create a notification for this product.
Milesight MS-Cxx72-xxxG1 Affected: 0 , ≤ 63.8.0.5-r3 (custom)
Create a notification for this product.
Milesight MS-CQxx31-xxxG1 Affected: 0 , ≤ CQ_63.8.0.5-r1 (custom)
Create a notification for this product.
Milesight MS-CQxx68-xxxG1 Affected: 0 , ≤ CQ_63.8.0.5-r1 (custom)
Create a notification for this product.
Milesight MS-CQxx72-xxxG1 Affected: 0 , ≤ CQ_63.8.0.5-r1 (custom)
Create a notification for this product.
Milesight MS-Nxxxx-NxE Affected: 0 , ≤ 7x.9.0.19-r5 (custom)
Create a notification for this product.
Milesight MS-Nxxxx-xxC Affected: 0 , ≤ 7x.9.0.19-r5 (custom)
Create a notification for this product.
Milesight MS-Nxxxx-xxE Affected: 0 , ≤ 7x.9.0.19-r5 (custom)
Create a notification for this product.
Milesight MS-Nxxxx-xxG Affected: 0 , ≤ 7x.9.0.19-r5 (custom)
Create a notification for this product.
Milesight MS-Nxxxx-xxH Affected: 0 , ≤ 7x.9.0.19-r5 (custom)
Create a notification for this product.
Milesight MS-Nxxxx-xxT Affected: 0 , ≤ 7x.9.0.19-r5 (custom)
Create a notification for this product.
Milesight PMC8266-FPE Affected: 0 , ≤ PO_61.8.0.4_LPR (custom)
Create a notification for this product.
Milesight PMC8266-FGPE Affected: 0 , ≤ PO_61.8.0.4_LPR (custom)
Create a notification for this product.
Milesight PM3322-E Affected: 0 , ≤ PI_61.8.0.3_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4466-X4RIPG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS5366-X12RIPG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS8266-X4RIPG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4466-X4RIVPG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4466-RFIVPG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS8266-X4RIVPG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS8266-RFIVPG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4466-X4RIWG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS8266-X4RIWG1 Affected: 0 , ≤ T_63.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS5510-GVH Affected: 0 , ≤ T_47.8.0.4_LPR-r7 (custom)
Create a notification for this product.
Milesight TS5510-GH Affected: 0 , ≤ T_47.8.0.4_LPR-r6 (custom)
Create a notification for this product.
Milesight TS5511-GVH Affected: 0 , ≤ T_47.8.0.4_LPR-r6 (custom)
Create a notification for this product.
Milesight TS2966-X12TPE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4466-X4RPE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS5366-X12PE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS8266-X4PE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS2966-X12TVPE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4466-X4RVPE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS5366-X12VPE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS8266-X4VPE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4441-X36RPE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4441-X36RE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS4466-X4RWE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight TS8266-X4WE Affected: 0 , ≤ T_61.8.0.4_LPR-r3 (custom)
Create a notification for this product.
Milesight MS-C2964-RFLPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight MS-C2972-RFLPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight MS-C2966-RFLWPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight TS2866-X4TPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight TS2866-X4TVPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight TS2866-X4TGPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight TS2841-X36TPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight TS2841-X36TPC/W Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight TS2867-X5TPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight TS2961-X12TPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight TS8266-FPC/P Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight MS-C2966-X12RLPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight MS-C2966-X12RLVPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight MS-C5366-X12LPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight MS-C5366-X12LVPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight MS-C5361-X12LPC Affected: 0 , ≤ T_45.8.0.3-r9 (custom)
Create a notification for this product.
Milesight MS-Cxx66-xxxxGOPC Affected: 0 , ≤ 45.8.0.2-AIoT-r4 (custom)
Create a notification for this product.
Milesight SC211 Affected: 0 , ≤ C_21.1.0.8-r4 (custom)
Create a notification for this product.
Milesight SP111 Affected: 0 , ≤ 52.8.0.4-r5 (custom)
Create a notification for this product.
Milesight MS-Cxx66-RFIPKG1 Affected: 0 , ≤ 63.8.0.4-r1-NX (custom)
Create a notification for this product.
Milesight MS-Cxx72-RFIPKG1 Affected: 0 , ≤ 63.8.0.4-r1-NX (custom)
Create a notification for this product.
Milesight MS-Cxx66-FIPKG1 Affected: 0 , ≤ 63.8.0.4-r1-NX (custom)
Create a notification for this product.
Milesight MS-Cxx72-FIPKG1 Affected: 0 , ≤ 63.8.0.4-r1-NX (custom)
Create a notification for this product.
Credits
Souvik Kandar reported these vulnerabilities to CISA
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20766",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-28T14:37:23.854997Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T14:39:17.799Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx63-PD",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "51.7.0.77-r12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx64-xPD",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "51.7.0.77-r12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx73-xPD",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "51.7.0.77-r12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx75-xxPD",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "51.7.0.77-r12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx83-xPD",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "51.7.0.77-r12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx74-PA",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "3x.8.0.3-r11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C8477-HPG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "63.8.0.4-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C8477-PC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "48.8.0.4-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C5321-FPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "62.8.0.4-r5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx72-xxxPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx62-xxxPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx52-xxxPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx66-xxxPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx66-xxxGPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx61-xxxPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx67-xxxPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx71-xxxPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx41-xxxPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx76-PE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx65-PE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "61.8.0.5-r2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx66-xxxG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "63.8.0.5-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx62-xxxG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "63.8.0.5-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx72-xxxG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "63.8.0.5-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-CQxx31-xxxG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "CQ_63.8.0.5-r1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-CQxx68-xxxG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "CQ_63.8.0.5-r1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-CQxx72-xxxG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "CQ_63.8.0.5-r1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Nxxxx-NxE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "7x.9.0.19-r5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Nxxxx-xxC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "7x.9.0.19-r5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Nxxxx-xxE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "7x.9.0.19-r5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Nxxxx-xxG",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "7x.9.0.19-r5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Nxxxx-xxH",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "7x.9.0.19-r5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Nxxxx-xxT",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "7x.9.0.19-r5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PMC8266-FPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "PO_61.8.0.4_LPR",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PMC8266-FGPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "PO_61.8.0.4_LPR",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PM3322-E",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "PI_61.8.0.3_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4466-X4RIPG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS5366-X12RIPG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS8266-X4RIPG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4466-X4RIVPG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4466-RFIVPG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS8266-X4RIVPG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS8266-RFIVPG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4466-X4RIWG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS8266-X4RIWG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_63.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS5510-GVH",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_47.8.0.4_LPR-r7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS5510-GH",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_47.8.0.4_LPR-r6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS5511-GVH",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_47.8.0.4_LPR-r6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2966-X12TPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4466-X4RPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS5366-X12PE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS8266-X4PE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2966-X12TVPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4466-X4RVPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS5366-X12VPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS8266-X4VPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4441-X36RPE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4441-X36RE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS4466-X4RWE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS8266-X4WE",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_61.8.0.4_LPR-r3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C2964-RFLPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C2972-RFLPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C2966-RFLWPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2866-X4TPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2866-X4TVPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2866-X4TGPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2841-X36TPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2841-X36TPC/W",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2867-X5TPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS2961-X12TPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TS8266-FPC/P",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C2966-X12RLPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C2966-X12RLVPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C5366-X12LPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C5366-X12LVPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-C5361-X12LPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "T_45.8.0.3-r9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx66-xxxxGOPC",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "45.8.0.2-AIoT-r4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SC211",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "C_21.1.0.8-r4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SP111",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "52.8.0.4-r5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx66-RFIPKG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "63.8.0.4-r1-NX",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx72-RFIPKG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "63.8.0.4-r1-NX",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx66-FIPKG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "63.8.0.4-r1-NX",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MS-Cxx72-FIPKG1",
          "vendor": "Milesight",
          "versions": [
            {
              "lessThanOrEqual": "63.8.0.4-r1-NX",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Souvik Kandar reported these vulnerabilities to CISA"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eAn out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.\u003c/span\u003e"
            }
          ],
          "value": "An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-27T23:45:52.896Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json"
        },
        {
          "url": "https://www.milesight.com/support/download/firmware"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMilesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://www.milesight.com/support/download/firmware\" title=\"(opens in a new window)\"\u003ehttps://www.milesight.com/support/download/firmware\u003c/a\u003e\u003c/p\u003e\u003cp\u003eMS-Cxx63-PD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx64-xPD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx73-xPD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx75-xxPD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx83-xPD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx74-PA: Update to 3x.8.0.3-r13\u003c/p\u003e\u003cp\u003eMS-C8477-HPG1: Update to 63.8.0.4-r4\u003c/p\u003e\u003cp\u003e\u0026nbsp;MS-C8477-PC: Update to 48.8.0.4-r4\u003c/p\u003e\u003cp\u003eMS-C5321-FPE: Update to 62.8.0.4-r6\u003c/p\u003e\u003cp\u003eMS-Cxx72-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx62-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx52-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx66-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx66-xxxGPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx61-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx67-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx71-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx41-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx76-PE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx65-PE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx66-xxxG1: Update to 63.8.0.5-r4\u003c/p\u003e\u003cp\u003eMS-Cxx62-xxxG1: Update to 63.8.0.5-r4\u003c/p\u003e\u003cp\u003eMS-Cxx72-xxxG1: Update to 63.8.0.5-r4\u003c/p\u003e\u003cp\u003eMS-CQxx31-xxxG1: Update to CQ_63.8.0.5-r2\u0026nbsp;\u003c/p\u003e\u003cp\u003eMS-CQxx68-xxxG1: Update to CQ_63.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-CQxx72-xxxG1: Update to CQ_63.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Nxxxx-NxE: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxC: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxE: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxG: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxH: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxT: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003ePMC8266-FPE: Update to PO_61.8.0.4-r1\u003c/p\u003e\u003cp\u003ePMC8266-FGPE: Update to PO_61.8.0.4-r1\u003c/p\u003e\u003cp\u003ePM3322-E: Update to PI_61.8.0.3-r5\u003c/p\u003e\u003cp\u003eTS4466-X4RIPG1: Update to T_63.8.0.4-r4\u0026nbsp;\u003c/p\u003e\u003cp\u003eTS5366-X12RIPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4RIPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RIVPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-RFIVPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4RIVPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-RFIVPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RIWG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4RIWG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS5510-GVH: Update to T_47.8.0.4-r8\u003c/p\u003e\u003cp\u003eTS5510-GH: Update to T_47.8.0.4-r8\u003c/p\u003e\u003cp\u003eTS5511-GVH: Update to T_47.8.0.4-r8\u003c/p\u003e\u003cp\u003eTS2966-X12TPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS5366-X12PE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4PE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS2966-X12TVPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RVPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS5366-X12VPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4VPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4441-X36RPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4441-X36RE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RWE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4WE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eMS-C2964-RFLPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C2972-RFLPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C2966-RFLWPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2866-X4TPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2866-X4TVPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2866-X4TGPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2841-X36TPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2841-X36TPC/W: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2867-X5TPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2961-X12TPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS8266-FPC/P: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C2966-X12RLPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C2966-X12RLVPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C5366-X12LPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C5366-X12LVPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C5361-X12LPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-Cxx66-xxxxGOPC: Update to 45.8.0.2-AIoT-r5\u003c/p\u003e\u003cp\u003eSC211: Update to C_21.1.0.8-r5\u003c/p\u003e\u003cp\u003eSP111: Update to 52.8.0.4-r6\u003c/p\u003e\u003cp\u003eMS-Cxx66-RFIPKG1: Update to 63.8.0.5-r2-NX\u003c/p\u003e\u003cp\u003eMS-Cxx72-RFIPKG1: Update to 63.8.0.5-r2-NX\u003c/p\u003e\u003cp\u003eMS-Cxx66-FIPKG1: Update to 63.8.0.5-r2-NX\u003c/p\u003e\u003cp\u003eMS-Cxx72-FIPKG1: Update to 63.8.0.5-r2-NX\u003c/p\u003e"
            }
          ],
          "value": "Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.\u00a0\n https://www.milesight.com/support/download/firmware \n\nMS-Cxx63-PD: Update to 51.7.0.77-r13\n\nMS-Cxx64-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx73-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx75-xxPD: Update to 51.7.0.77-r13\n\nMS-Cxx83-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx74-PA: Update to 3x.8.0.3-r13\n\nMS-C8477-HPG1: Update to 63.8.0.4-r4\n\n\u00a0MS-C8477-PC: Update to 48.8.0.4-r4\n\nMS-C5321-FPE: Update to 62.8.0.4-r6\n\nMS-Cxx72-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx62-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx52-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxGPE: Update to 61.8.0.5-r2\n\nMS-Cxx61-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx67-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx71-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx41-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx76-PE: Update to 61.8.0.5-r2\n\nMS-Cxx65-PE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxG1: Update to 63.8.0.5-r4\n\nMS-Cxx62-xxxG1: Update to 63.8.0.5-r4\n\nMS-Cxx72-xxxG1: Update to 63.8.0.5-r4\n\nMS-CQxx31-xxxG1: Update to CQ_63.8.0.5-r2\u00a0\n\nMS-CQxx68-xxxG1: Update to CQ_63.8.0.5-r2\n\nMS-CQxx72-xxxG1: Update to CQ_63.8.0.5-r2\n\nMS-Nxxxx-NxE: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxC: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxE: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxG: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxH: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxT: Update to 7x.9.0.19-r6\n\nPMC8266-FPE: Update to PO_61.8.0.4-r1\n\nPMC8266-FGPE: Update to PO_61.8.0.4-r1\n\nPM3322-E: Update to PI_61.8.0.3-r5\n\nTS4466-X4RIPG1: Update to T_63.8.0.4-r4\u00a0\n\nTS5366-X12RIPG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIPG1: Update to T_63.8.0.4-r4\n\nTS4466-X4RIVPG1: Update to T_63.8.0.4-r4\n\nTS4466-RFIVPG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIVPG1: Update to T_63.8.0.4-r4\n\nTS8266-RFIVPG1: Update to T_63.8.0.4-r4\n\nTS4466-X4RIWG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIWG1: Update to T_63.8.0.4-r4\n\nTS5510-GVH: Update to T_47.8.0.4-r8\n\nTS5510-GH: Update to T_47.8.0.4-r8\n\nTS5511-GVH: Update to T_47.8.0.4-r8\n\nTS2966-X12TPE: Update to T_61.8.0.4-r4\n\nTS4466-X4RPE: Update to T_61.8.0.4-r4\n\nTS5366-X12PE: Update to T_61.8.0.4-r4\n\nTS8266-X4PE: Update to T_61.8.0.4-r4\n\nTS2966-X12TVPE: Update to T_61.8.0.4-r4\n\nTS4466-X4RVPE: Update to T_61.8.0.4-r4\n\nTS5366-X12VPE: Update to T_61.8.0.4-r4\n\nTS8266-X4VPE: Update to T_61.8.0.4-r4\n\nTS4441-X36RPE: Update to T_61.8.0.4-r4\n\nTS4441-X36RE: Update to T_61.8.0.4-r4\n\nTS4466-X4RWE: Update to T_61.8.0.4-r4\n\nTS8266-X4WE: Update to T_61.8.0.4-r4\n\nMS-C2964-RFLPC: Update to T_45.8.0.3-r10\n\nMS-C2972-RFLPC: Update to T_45.8.0.3-r10\n\nMS-C2966-RFLWPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TVPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TGPC: Update to T_45.8.0.3-r10\n\nTS2841-X36TPC: Update to T_45.8.0.3-r10\n\nTS2841-X36TPC/W: Update to T_45.8.0.3-r10\n\nTS2867-X5TPC: Update to T_45.8.0.3-r10\n\nTS2961-X12TPC: Update to T_45.8.0.3-r10\n\nTS8266-FPC/P: Update to T_45.8.0.3-r10\n\nMS-C2966-X12RLPC: Update to T_45.8.0.3-r10\n\nMS-C2966-X12RLVPC: Update to T_45.8.0.3-r10\n\nMS-C5366-X12LPC: Update to T_45.8.0.3-r10\n\nMS-C5366-X12LVPC: Update to T_45.8.0.3-r10\n\nMS-C5361-X12LPC: Update to T_45.8.0.3-r10\n\nMS-Cxx66-xxxxGOPC: Update to 45.8.0.2-AIoT-r5\n\nSC211: Update to C_21.1.0.8-r5\n\nSP111: Update to 52.8.0.4-r6\n\nMS-Cxx66-RFIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx72-RFIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx66-FIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx72-FIPKG1: Update to 63.8.0.5-r2-NX"
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMilesight asks all users to report potential security vulnerabilities to security@milesight.com.\u003cbr\u003e\u003ca href=\"mailto:security@milesight.com\"\u003emailto:security@milesight.com\u003c/a\u003e\u003cbr\u003eLearn more: Milesight Vulnerability Reporting Policy\u003cbr\u003e\u003ca href=\"https://www.milesight.com/legal/vulnerability-report\" title=\"(opens in a new window)\"\u003ehttps://www.milesight.com/legal/vulnerability-report\u003c/a\u003e\u003c/p\u003e"
            }
          ],
          "value": "Milesight asks all users to report potential security vulnerabilities to security@milesight.com.\n mailto:security@milesight.com \nLearn more: Milesight Vulnerability Reporting Policy\n https://www.milesight.com/legal/vulnerability-report"
        }
      ],
      "source": {
        "advisory": "ICSA-26-113-03",
        "discovery": "EXTERNAL"
      },
      "title": "Milesight Cameras Heap-based Buffer Overflow",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2026-20766",
    "datePublished": "2026-04-27T23:45:52.896Z",
    "dateReserved": "2026-03-12T17:51:09.860Z",
    "dateUpdated": "2026-04-28T14:39:17.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20462 (GCVE-0-2026-20462)

Vulnerability from cvelistv5 – Published: 2026-07-01 03:14 – Updated: 2026-07-02 03:55
VLAI
Summary
In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS11006447; Issue ID: MSV-7871.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
MediaTek, Inc. MediaTek chipset Affected: MT6739
Affected: MT6761
Affected: MT6765
Affected: MT6768
Affected: MT6781
Affected: MT6789
Affected: MT6833
Affected: MT6853
Affected: MT6855
Affected: MT6877
Affected: MT6883
Affected: MT6885
Affected: MT6889
Affected: MT6893
Affected: MT8695
Affected: MT8696
Affected: MT8765
Affected: MT8766
Affected: MT8766R
Affected: MT8768
Affected: MT8781
Affected: MT8791
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.7,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-20462",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-02T03:55:17.558Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MediaTek chipset",
          "vendor": "MediaTek, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "MT6739"
            },
            {
              "status": "affected",
              "version": "MT6761"
            },
            {
              "status": "affected",
              "version": "MT6765"
            },
            {
              "status": "affected",
              "version": "MT6768"
            },
            {
              "status": "affected",
              "version": "MT6781"
            },
            {
              "status": "affected",
              "version": "MT6789"
            },
            {
              "status": "affected",
              "version": "MT6833"
            },
            {
              "status": "affected",
              "version": "MT6853"
            },
            {
              "status": "affected",
              "version": "MT6855"
            },
            {
              "status": "affected",
              "version": "MT6877"
            },
            {
              "status": "affected",
              "version": "MT6883"
            },
            {
              "status": "affected",
              "version": "MT6885"
            },
            {
              "status": "affected",
              "version": "MT6889"
            },
            {
              "status": "affected",
              "version": "MT6893"
            },
            {
              "status": "affected",
              "version": "MT8695"
            },
            {
              "status": "affected",
              "version": "MT8696"
            },
            {
              "status": "affected",
              "version": "MT8765"
            },
            {
              "status": "affected",
              "version": "MT8766"
            },
            {
              "status": "affected",
              "version": "MT8766R"
            },
            {
              "status": "affected",
              "version": "MT8768"
            },
            {
              "status": "affected",
              "version": "MT8781"
            },
            {
              "status": "affected",
              "version": "MT8791"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS11006447; Issue ID: MSV-7871."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T03:14:04.991Z",
        "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "shortName": "MediaTek"
      },
      "references": [
        {
          "url": "https://corp.mediatek.com/product-security-bulletin/July-2026"
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
    "assignerShortName": "MediaTek",
    "cveId": "CVE-2026-20462",
    "datePublished": "2026-07-01T03:14:04.991Z",
    "dateReserved": "2025-11-03T01:30:59.014Z",
    "dateUpdated": "2026-07-02T03:55:17.558Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20452 (GCVE-0-2026-20452)

Vulnerability from cvelistv5 – Published: 2026-06-01 03:20 – Updated: 2026-06-02 03:55
VLAI
Summary
In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
MediaTek, Inc. MediaTek chipset Affected: MT6890
Affected: MT7615
Affected: MT7915
Affected: MT7916
Affected: MT7981
Affected: MT7986
Affected: MT7990
Affected: MT7992
Affected: MT7993
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-20452",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-02T03:55:38.204Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MediaTek chipset",
          "vendor": "MediaTek, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "MT6890"
            },
            {
              "status": "affected",
              "version": "MT7615"
            },
            {
              "status": "affected",
              "version": "MT7915"
            },
            {
              "status": "affected",
              "version": "MT7916"
            },
            {
              "status": "affected",
              "version": "MT7981"
            },
            {
              "status": "affected",
              "version": "MT7986"
            },
            {
              "status": "affected",
              "version": "MT7990"
            },
            {
              "status": "affected",
              "version": "MT7992"
            },
            {
              "status": "affected",
              "version": "MT7993"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T03:20:08.315Z",
        "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "shortName": "MediaTek"
      },
      "references": [
        {
          "url": "https://corp.mediatek.com/product-security-bulletin/June-2026"
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
    "assignerShortName": "MediaTek",
    "cveId": "CVE-2026-20452",
    "datePublished": "2026-06-01T03:20:08.315Z",
    "dateReserved": "2025-11-03T01:30:59.013Z",
    "dateUpdated": "2026-06-02T03:55:38.204Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20408 (GCVE-0-2026-20408)

Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI
Summary
In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
MediaTek, Inc. MediaTek chipset Affected: MT6890
Affected: MT7615
Affected: MT7915
Affected: MT7916
Affected: MT7981
Affected: MT7986
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-20408",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-03T04:55:40.470235Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:39.421Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MediaTek chipset",
          "vendor": "MediaTek, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "MT6890"
            },
            {
              "status": "affected",
              "version": "MT7615"
            },
            {
              "status": "affected",
              "version": "MT7915"
            },
            {
              "status": "affected",
              "version": "MT7916"
            },
            {
              "status": "affected",
              "version": "MT7981"
            },
            {
              "status": "affected",
              "version": "MT7986"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-30T13:02:57.756Z",
        "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "shortName": "MediaTek"
      },
      "references": [
        {
          "url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
    "assignerShortName": "MediaTek",
    "cveId": "CVE-2026-20408",
    "datePublished": "2026-02-02T08:14:56.694Z",
    "dateReserved": "2025-11-03T01:30:59.008Z",
    "dateUpdated": "2026-03-30T13:02:57.756Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20185 (GCVE-0-2026-20185)

Vulnerability from cvelistv5 – Published: 2026-05-06 16:15 – Updated: 2026-05-06 17:48
VLAI
Title
Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vunerability
Summary
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.  This vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Small Business Smart and Managed Switches Affected: 2.5.9.54
Affected: 2.5.9.55
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20185",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-06T17:36:31.829064Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-06T17:48:26.175Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Small Business Smart and Managed Switches",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.9.54"
            },
            {
              "status": "affected",
              "version": "2.5.9.55"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of\u0026nbsp;Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X)\u0026nbsp;firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.\r\nThis vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-06T16:15:23.838Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-sg350-snmp-dos-GEFZr2Tj",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg350-snmp-dos-GEFZr2Tj"
        }
      ],
      "source": {
        "advisory": "cisco-sa-sg350-snmp-dos-GEFZr2Tj",
        "defects": [
          "CSCwt39853"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vunerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20185",
    "datePublished": "2026-05-06T16:15:23.838Z",
    "dateReserved": "2025-10-08T11:59:15.394Z",
    "dateUpdated": "2026-05-06T17:48:26.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20053 (GCVE-0-2026-20053)

Vulnerability from cvelistv5 – Published: 2026-03-04 17:46 – Updated: 2026-03-04 21:25
VLAI
Title
Cisco Secure Firewall Threat Defense Software Snort 3 Visual Basic for Application Heap Overflow Denial of Service Vulnerability
Summary
Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to improper range checking when decompressing VBA data, which is user controlled. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause an overflow of heap data, which could cause a DoS condition.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Cyber Vision Affected: 3.0.0
Affected: 3.0.2
Affected: 3.0.3
Affected: 3.0.1
Affected: 3.1.0
Affected: 3.0.4
Affected: 3.1.1
Affected: 3.1.2
Affected: 3.2.0
Affected: 3.0.5
Affected: 3.2.1
Affected: 3.0.6
Affected: 3.2.2
Affected: 3.2.3
Affected: 3.2.4
Affected: 4.0.0
Affected: 4.0.1
Affected: 4.0.2
Affected: 4.0.3
Affected: 4.1.0
Affected: 4.1.1
Affected: 4.1.2
Affected: 4.1.3
Affected: 4.1.4
Affected: 4.2.0
Affected: 4.2.1
Affected: 4.1.5
Affected: 4.2.2
Affected: 4.2.X
Affected: 4.2.3
Affected: 4.2.4
Affected: 4.2.6
Affected: 4.1.6
Affected: 4.3.0
Affected: 4.3.1
Affected: 4.3.2
Affected: 4.3.3
Affected: 4.4.0
Affected: 4.4.1
Affected: 4.4.2
Affected: 4.4.3
Affected: 4.1.7
Affected: 5.0.0
Affected: 5.0.1
Affected: 5.0.2
Affected: 5.1.0
Affected: 5.1.1
Affected: 5.1.2
Affected: 5.1.3
Affected: 5.2.0
Affected: 5.2.1
Affected: 5.3.0
Affected: 5.3.1
Affected: 5.3.2
Create a notification for this product.
Cisco Cisco Secure Firewall Threat Defense (FTD) Software Affected: 7.2.0
Affected: 7.2.0.1
Affected: 7.2.1
Affected: 7.3.0
Affected: 7.2.2
Affected: 7.2.3
Affected: 7.3.1
Affected: 7.2.4
Affected: 7.2.5
Affected: 7.2.4.1
Affected: 7.3.1.1
Affected: 7.4.0
Affected: 7.2.5.1
Affected: 7.4.1
Affected: 7.2.6
Affected: 7.4.1.1
Affected: 7.2.7
Affected: 7.2.5.2
Affected: 7.3.1.2
Affected: 7.2.8
Affected: 7.6.0
Affected: 7.4.2
Affected: 7.2.8.1
Affected: 7.4.2.1
Affected: 7.2.9
Affected: 7.7.0
Affected: 7.4.2.2
Affected: 7.2.10
Affected: 7.6.1
Affected: 7.4.2.3
Affected: 7.6.2
Affected: 7.7.10
Affected: 7.6.2.1
Affected: 7.7.10.1
Affected: 7.4.2.4
Affected: 7.2.10.2
Affected: 7.4.3
Create a notification for this product.
Cisco Cisco UTD SNORT IPS Engine Software Affected: 17.12.1a
Affected: 17.9.4
Affected: 17.12.2
Affected: 17.13.1a
Affected: 17.12.3
Affected: 17.14.1a
Affected: 17.12.4
Affected: 17.12.3a
Affected: 17.15.1a
Affected: 17.16.1a
Affected: 17.9.5e
Affected: 17.12.4a
Affected: 17.15.2c
Affected: 17.12.4b
Affected: 17.15.2a
Affected: 17.12.5
Affected: 17.17.1
Affected: 17.12.5a
Affected: 17.15.3a
Affected: 17.15.3
Affected: 17.12.5b
Affected: 17.12.5c
Affected: 17.15.4
Affected: 17.18.1
Affected: 17.18.1a
Affected: 17.12.6
Affected: 17.15.4c
Affected: 17.12.5d
Affected: 17.18.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20053",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-04T21:24:52.682489Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-04T21:25:01.489Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Cyber Vision",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0"
            },
            {
              "status": "affected",
              "version": "3.0.2"
            },
            {
              "status": "affected",
              "version": "3.0.3"
            },
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "3.0.4"
            },
            {
              "status": "affected",
              "version": "3.1.1"
            },
            {
              "status": "affected",
              "version": "3.1.2"
            },
            {
              "status": "affected",
              "version": "3.2.0"
            },
            {
              "status": "affected",
              "version": "3.0.5"
            },
            {
              "status": "affected",
              "version": "3.2.1"
            },
            {
              "status": "affected",
              "version": "3.0.6"
            },
            {
              "status": "affected",
              "version": "3.2.2"
            },
            {
              "status": "affected",
              "version": "3.2.3"
            },
            {
              "status": "affected",
              "version": "3.2.4"
            },
            {
              "status": "affected",
              "version": "4.0.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.1.0"
            },
            {
              "status": "affected",
              "version": "4.1.1"
            },
            {
              "status": "affected",
              "version": "4.1.2"
            },
            {
              "status": "affected",
              "version": "4.1.3"
            },
            {
              "status": "affected",
              "version": "4.1.4"
            },
            {
              "status": "affected",
              "version": "4.2.0"
            },
            {
              "status": "affected",
              "version": "4.2.1"
            },
            {
              "status": "affected",
              "version": "4.1.5"
            },
            {
              "status": "affected",
              "version": "4.2.2"
            },
            {
              "status": "affected",
              "version": "4.2.X"
            },
            {
              "status": "affected",
              "version": "4.2.3"
            },
            {
              "status": "affected",
              "version": "4.2.4"
            },
            {
              "status": "affected",
              "version": "4.2.6"
            },
            {
              "status": "affected",
              "version": "4.1.6"
            },
            {
              "status": "affected",
              "version": "4.3.0"
            },
            {
              "status": "affected",
              "version": "4.3.1"
            },
            {
              "status": "affected",
              "version": "4.3.2"
            },
            {
              "status": "affected",
              "version": "4.3.3"
            },
            {
              "status": "affected",
              "version": "4.4.0"
            },
            {
              "status": "affected",
              "version": "4.4.1"
            },
            {
              "status": "affected",
              "version": "4.4.2"
            },
            {
              "status": "affected",
              "version": "4.4.3"
            },
            {
              "status": "affected",
              "version": "4.1.7"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.1.0"
            },
            {
              "status": "affected",
              "version": "5.1.1"
            },
            {
              "status": "affected",
              "version": "5.1.2"
            },
            {
              "status": "affected",
              "version": "5.1.3"
            },
            {
              "status": "affected",
              "version": "5.2.0"
            },
            {
              "status": "affected",
              "version": "5.2.1"
            },
            {
              "status": "affected",
              "version": "5.3.0"
            },
            {
              "status": "affected",
              "version": "5.3.1"
            },
            {
              "status": "affected",
              "version": "5.3.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Secure Firewall Threat Defense (FTD) Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.0.1"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.3.0"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.2.4"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "7.2.4.1"
            },
            {
              "status": "affected",
              "version": "7.3.1.1"
            },
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "status": "affected",
              "version": "7.2.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.6"
            },
            {
              "status": "affected",
              "version": "7.4.1.1"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.2.5.2"
            },
            {
              "status": "affected",
              "version": "7.3.1.2"
            },
            {
              "status": "affected",
              "version": "7.2.8"
            },
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.2.8.1"
            },
            {
              "status": "affected",
              "version": "7.4.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.9"
            },
            {
              "status": "affected",
              "version": "7.7.0"
            },
            {
              "status": "affected",
              "version": "7.4.2.2"
            },
            {
              "status": "affected",
              "version": "7.2.10"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.4.2.3"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.7.10"
            },
            {
              "status": "affected",
              "version": "7.6.2.1"
            },
            {
              "status": "affected",
              "version": "7.7.10.1"
            },
            {
              "status": "affected",
              "version": "7.4.2.4"
            },
            {
              "status": "affected",
              "version": "7.2.10.2"
            },
            {
              "status": "affected",
              "version": "7.4.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco UTD SNORT IPS Engine Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "17.12.1a"
            },
            {
              "status": "affected",
              "version": "17.9.4"
            },
            {
              "status": "affected",
              "version": "17.12.2"
            },
            {
              "status": "affected",
              "version": "17.13.1a"
            },
            {
              "status": "affected",
              "version": "17.12.3"
            },
            {
              "status": "affected",
              "version": "17.14.1a"
            },
            {
              "status": "affected",
              "version": "17.12.4"
            },
            {
              "status": "affected",
              "version": "17.12.3a"
            },
            {
              "status": "affected",
              "version": "17.15.1a"
            },
            {
              "status": "affected",
              "version": "17.16.1a"
            },
            {
              "status": "affected",
              "version": "17.9.5e"
            },
            {
              "status": "affected",
              "version": "17.12.4a"
            },
            {
              "status": "affected",
              "version": "17.15.2c"
            },
            {
              "status": "affected",
              "version": "17.12.4b"
            },
            {
              "status": "affected",
              "version": "17.15.2a"
            },
            {
              "status": "affected",
              "version": "17.12.5"
            },
            {
              "status": "affected",
              "version": "17.17.1"
            },
            {
              "status": "affected",
              "version": "17.12.5a"
            },
            {
              "status": "affected",
              "version": "17.15.3a"
            },
            {
              "status": "affected",
              "version": "17.15.3"
            },
            {
              "status": "affected",
              "version": "17.12.5b"
            },
            {
              "status": "affected",
              "version": "17.12.5c"
            },
            {
              "status": "affected",
              "version": "17.15.4"
            },
            {
              "status": "affected",
              "version": "17.18.1"
            },
            {
              "status": "affected",
              "version": "17.18.1a"
            },
            {
              "status": "affected",
              "version": "17.12.6"
            },
            {
              "status": "affected",
              "version": "17.15.4c"
            },
            {
              "status": "affected",
              "version": "17.12.5d"
            },
            {
              "status": "affected",
              "version": "17.18.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash.\r\n\r\nThis vulnerability is due to improper range checking when decompressing VBA data, which is user controlled. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause an overflow of heap data, which could cause a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-04T17:46:58.213Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ftd-snort3-vbavuls-96UcVVed",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-vbavuls-96UcVVed"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ftd-snort3-vbavuls-96UcVVed",
        "defects": [
          "CSCwq23373"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Secure Firewall Threat Defense Software Snort 3 Visual Basic for Application Heap Overflow Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20053",
    "datePublished": "2026-03-04T17:46:58.213Z",
    "dateReserved": "2025-10-08T11:59:15.355Z",
    "dateUpdated": "2026-03-04T21:25:01.489Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-16118 (GCVE-0-2026-16118)

Vulnerability from cvelistv5 – Published: 2026-07-17 19:44 – Updated: 2026-07-17 19:44
VLAI
Title
Xdgmime: heap-based buffer overflow in _xdg_mime_magic_parse_magic_line() in xdgmimemagic.c
Summary
A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in _xdg_mime_magic_parse_magic_line() in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location (e.g., in the $XDG_DATA_HOME/mime/magic path) is parsed by an application performing MIME type detection (e.g., via g_content_type_guess()). When performing byte-swap, incorrect pointer arithmetic on the write side causes an out-of-bounds write of 2 bytes, resulting in an application crash or memory corruption.
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Date Public
2026-07-07 00:00
Credits
Red Hat would like to thank asotyc for reporting this issue.
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "webkitgtk4",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "webkit2gtk3",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "webkit2gtk3",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank asotyc for reporting this issue."
        }
      ],
      "datePublic": "2026-07-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in _xdg_mime_magic_parse_magic_line() in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location (e.g., in the $XDG_DATA_HOME/mime/magic path) is parsed by an application performing MIME type detection (e.g., via g_content_type_guess()). When performing byte-swap, incorrect pointer arithmetic on the write side causes an out-of-bounds write of 2 bytes, resulting in an application crash or memory corruption."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-17T19:44:40.562Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-16118"
        },
        {
          "name": "RHBZ#2501732",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501732"
        },
        {
          "url": "https://gitlab.freedesktop.org/xdg/xdgmime/-/work_items/41"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-17T13:20:23.862Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-07-07T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Xdgmime: heap-based buffer overflow in _xdg_mime_magic_parse_magic_line() in xdgmimemagic.c",
      "workarounds": [
        {
          "lang": "en",
          "value": "Do not install a MIME magic file or content from untrusted sources."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-16118",
    "datePublished": "2026-07-17T19:44:40.562Z",
    "dateReserved": "2026-07-17T15:50:21.345Z",
    "dateUpdated": "2026-07-17T19:44:40.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-15520 (GCVE-0-2026-15520)

Vulnerability from cvelistv5 – Published: 2026-07-13 01:15 – Updated: 2026-07-13 15:53 X_Open Source
VLAI
Title
GNU LibreDWG R2004 Section Decompression decode.c decompress_R2004_section heap-based overflow
Summary
A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompress_R2004_section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.14.8396 will fix this issue. This patch is called 3d0f9fc2eddbd6579c99af3111c37c98f03475d0. You should upgrade the affected component.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
GNU LibreDWG Affected: 0.13.4-154-g0b573035
Unaffected: 0.14.8396
    cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Ech06 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-15520",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-13T15:53:23.251380Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-13T15:53:27.409Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/LibreDWG/libredwg/issues/1251"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "R2004 Section Decompression"
          ],
          "product": "LibreDWG",
          "vendor": "GNU",
          "versions": [
            {
              "status": "affected",
              "version": "0.13.4-154-g0b573035"
            },
            {
              "status": "unaffected",
              "version": "0.14.8396"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Ech06 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompress_R2004_section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.14.8396 will fix this issue. This patch is called 3d0f9fc2eddbd6579c99af3111c37c98f03475d0. You should upgrade the affected component."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.3,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-13T01:15:16.694Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-377849 | GNU LibreDWG R2004 Section Decompression decode.c decompress_R2004_section heap-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/377849"
        },
        {
          "name": "VDB-377849 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/377849/cti"
        },
        {
          "name": "CVE-2026-15520 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-15520"
        },
        {
          "name": "Submit #851190 | LibreDWG 0.13.4-154-g0b573035 (main branch, commit 0b573035, 2026-04-29) \u5185\u5b58\u635f\u574f (Heap Buffer Overflow - Write)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/851190"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/LibreDWG/libredwg/issues/1251"
        },
        {
          "tags": [
            "broken-link",
            "issue-tracking"
          ],
          "url": "https://github.com/advisories/GHSA-qg2f-8389-w95j"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_0b57303_heap_overflow_decompress_R2004_section.dwg"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/LibreDWG/libredwg/commit/3d0f9fc2eddbd6579c99af3111c37c98f03475d0"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/LibreDWG/libredwg/releases/tag/0.14.8396"
        },
        {
          "tags": [
            "broken-link",
            "product"
          ],
          "url": "https://www.gnu.org/"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-12T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-12T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-12T13:32:32.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "GNU LibreDWG R2004 Section Decompression decode.c decompress_R2004_section heap-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-15520",
    "datePublished": "2026-07-13T01:15:16.694Z",
    "dateReserved": "2026-07-12T11:27:17.703Z",
    "dateUpdated": "2026-07-13T15:53:27.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-15506 (GCVE-0-2026-15506)

Vulnerability from cvelistv5 – Published: 2026-07-12 21:30 – Updated: 2026-07-14 16:35
VLAI
Title
SecureAge CatchPulse Driver saappctl.sys heap-based overflow
Summary
A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. The affected element is an unknown function in the library saappctl.sys of the component Driver. Such manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version 10.10.0 is sufficient to fix this issue. You should upgrade the affected component. The vendor was contacted early about this disclosure.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
SecureAge CatchPulse Affected: 10.9.0
Affected: 10.9.1
Affected: 10.9.2
Affected: 10.9.3
Unaffected: 10.10.0
    cpe:2.3:a:secureage:catchpulse:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Jordan Higgins Jordanhiggins (VulDB User) Jordanhiggins (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-15506",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-13T18:06:21.412991Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-13T18:12:18.713Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:secureage:catchpulse:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Driver"
          ],
          "product": "CatchPulse",
          "vendor": "SecureAge",
          "versions": [
            {
              "status": "affected",
              "version": "10.9.0"
            },
            {
              "status": "affected",
              "version": "10.9.1"
            },
            {
              "status": "affected",
              "version": "10.9.2"
            },
            {
              "status": "affected",
              "version": "10.9.3"
            },
            {
              "status": "unaffected",
              "version": "10.10.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jordan Higgins"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jordanhiggins (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Jordanhiggins (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. The affected element is an unknown function in the library saappctl.sys of the component Driver. Such manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version 10.10.0 is sufficient to fix this issue. You should upgrade the affected component. The vendor was contacted early about this disclosure."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.8,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T16:35:28.887Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-377835 | SecureAge CatchPulse Driver saappctl.sys heap-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/377835"
        },
        {
          "name": "VDB-377835 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/377835/cti"
        },
        {
          "name": "CVE-2026-15506 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-15506"
        },
        {
          "name": "Submit #845584 | SecureAge Technology CatchPulse \u003c10.9.3 Heap-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/845584"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://jordanhiggins.blog/catchpulse-antivirus-exploits/"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/Kalagious/SecureAgeExploit"
        },
        {
          "tags": [
            "media-coverage"
          ],
          "url": "https://youtu.be/xZqRVWlrah8"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-29T00:00:00.000Z",
          "value": "Countermeasure disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-12T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-12T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-14T18:40:23.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "SecureAge CatchPulse Driver saappctl.sys heap-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-15506",
    "datePublished": "2026-07-12T21:30:12.054Z",
    "dateReserved": "2026-07-12T05:44:41.811Z",
    "dateUpdated": "2026-07-14T16:35:28.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation

Pre-design: Use a language or compiler that performs automatic bounds checking.

Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation MIT-10
Operation Build and Compilation

Strategy: Environment Hardening

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation MIT-11
Operation Build and Compilation

Strategy: Environment Hardening

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation
Implementation

Implement and perform bounds checking on input.

Mitigation
Implementation

Strategy: Libraries or Frameworks

Do not use dangerous functions such as gets. Look for their safe equivalent, which checks for the boundary.

Mitigation
Operation

Use OS-level preventative functionality. This is not a complete solution, but it provides some defense in depth.

CAPEC-92: Forced Integer Overflow

This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.