CWE-122
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CVE-2026-2005 (GCVE-0-2026-2005)
Vulnerability from cvelistv5 – Published: 2026-02-12 13:00 – Updated: 2026-02-26 14:44
VLAI
Title
PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
Summary
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | PostgreSQL |
Affected:
18 , < 18.2
(rpm)
Affected: 17 , < 17.8 (rpm) Affected: 16 , < 16.12 (rpm) Affected: 15 , < 15.16 (rpm) Affected: 0 , < 14.21 (rpm) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T04:56:32.671453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:21.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PostgreSQL",
"vendor": "n/a",
"versions": [
{
"lessThan": "18.2",
"status": "affected",
"version": "18",
"versionType": "rpm"
},
{
"lessThan": "17.8",
"status": "affected",
"version": "17",
"versionType": "rpm"
},
{
"lessThan": "16.12",
"status": "affected",
"version": "16",
"versionType": "rpm"
},
{
"lessThan": "15.16",
"status": "affected",
"version": "15",
"versionType": "rpm"
},
{
"lessThan": "14.21",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "attacker has permission to install pgcrypto or pass arbitrary ciphertext to an already-installed pgcrypto"
}
],
"credits": [
{
"lang": "en",
"value": "The PostgreSQL project thanks Team Xint Code, as part of zeroday.cloud, for reporting this problem."
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T13:00:09.784Z",
"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"shortName": "PostgreSQL"
},
"references": [
{
"url": "https://www.postgresql.org/support/security/CVE-2026-2005/"
}
],
"title": "PostgreSQL pgcrypto heap buffer overflow executes arbitrary code"
}
},
"cveMetadata": {
"assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"assignerShortName": "PostgreSQL",
"cveId": "CVE-2026-2005",
"datePublished": "2026-02-12T13:00:09.784Z",
"dateReserved": "2026-02-05T18:17:55.613Z",
"dateUpdated": "2026-02-26T14:44:21.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20053 (GCVE-0-2026-20053)
Vulnerability from cvelistv5 – Published: 2026-03-04 17:46 – Updated: 2026-03-04 21:25
VLAI
Title
Cisco Secure Firewall Threat Defense Software Snort 3 Visual Basic for Application Heap Overflow Denial of Service Vulnerability
Summary
Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash.
This vulnerability is due to improper range checking when decompressing VBA data, which is user controlled. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause an overflow of heap data, which could cause a DoS condition.
Severity
5.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Cyber Vision |
Affected:
3.0.0
Affected: 3.0.2 Affected: 3.0.3 Affected: 3.0.1 Affected: 3.1.0 Affected: 3.0.4 Affected: 3.1.1 Affected: 3.1.2 Affected: 3.2.0 Affected: 3.0.5 Affected: 3.2.1 Affected: 3.0.6 Affected: 3.2.2 Affected: 3.2.3 Affected: 3.2.4 Affected: 4.0.0 Affected: 4.0.1 Affected: 4.0.2 Affected: 4.0.3 Affected: 4.1.0 Affected: 4.1.1 Affected: 4.1.2 Affected: 4.1.3 Affected: 4.1.4 Affected: 4.2.0 Affected: 4.2.1 Affected: 4.1.5 Affected: 4.2.2 Affected: 4.2.X Affected: 4.2.3 Affected: 4.2.4 Affected: 4.2.6 Affected: 4.1.6 Affected: 4.3.0 Affected: 4.3.1 Affected: 4.3.2 Affected: 4.3.3 Affected: 4.4.0 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.4.3 Affected: 4.1.7 Affected: 5.0.0 Affected: 5.0.1 Affected: 5.0.2 Affected: 5.1.0 Affected: 5.1.1 Affected: 5.1.2 Affected: 5.1.3 Affected: 5.2.0 Affected: 5.2.1 Affected: 5.3.0 Affected: 5.3.1 Affected: 5.3.2 |
|
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software |
Affected:
7.2.0
Affected: 7.2.0.1 Affected: 7.2.1 Affected: 7.3.0 Affected: 7.2.2 Affected: 7.2.3 Affected: 7.3.1 Affected: 7.2.4 Affected: 7.2.5 Affected: 7.2.4.1 Affected: 7.3.1.1 Affected: 7.4.0 Affected: 7.2.5.1 Affected: 7.4.1 Affected: 7.2.6 Affected: 7.4.1.1 Affected: 7.2.7 Affected: 7.2.5.2 Affected: 7.3.1.2 Affected: 7.2.8 Affected: 7.6.0 Affected: 7.4.2 Affected: 7.2.8.1 Affected: 7.4.2.1 Affected: 7.2.9 Affected: 7.7.0 Affected: 7.4.2.2 Affected: 7.2.10 Affected: 7.6.1 Affected: 7.4.2.3 Affected: 7.6.2 Affected: 7.7.10 Affected: 7.6.2.1 Affected: 7.7.10.1 Affected: 7.4.2.4 Affected: 7.2.10.2 Affected: 7.4.3 |
|
| Cisco | Cisco UTD SNORT IPS Engine Software |
Affected:
17.12.1a
Affected: 17.9.4 Affected: 17.12.2 Affected: 17.13.1a Affected: 17.12.3 Affected: 17.14.1a Affected: 17.12.4 Affected: 17.12.3a Affected: 17.15.1a Affected: 17.16.1a Affected: 17.9.5e Affected: 17.12.4a Affected: 17.15.2c Affected: 17.12.4b Affected: 17.15.2a Affected: 17.12.5 Affected: 17.17.1 Affected: 17.12.5a Affected: 17.15.3a Affected: 17.15.3 Affected: 17.12.5b Affected: 17.12.5c Affected: 17.15.4 Affected: 17.18.1 Affected: 17.18.1a Affected: 17.12.6 Affected: 17.15.4c Affected: 17.12.5d Affected: 17.18.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T21:24:52.682489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T21:25:01.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Cyber Vision",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "3.0.3"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.4"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.0.5"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.0.6"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "4.0.1"
},
{
"status": "affected",
"version": "4.0.2"
},
{
"status": "affected",
"version": "4.0.3"
},
{
"status": "affected",
"version": "4.1.0"
},
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.1.3"
},
{
"status": "affected",
"version": "4.1.4"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.1.5"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.2.X"
},
{
"status": "affected",
"version": "4.2.3"
},
{
"status": "affected",
"version": "4.2.4"
},
{
"status": "affected",
"version": "4.2.6"
},
{
"status": "affected",
"version": "4.1.6"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.2"
},
{
"status": "affected",
"version": "4.3.3"
},
{
"status": "affected",
"version": "4.4.0"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.1.7"
},
{
"status": "affected",
"version": "5.0.0"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "5.0.2"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.1"
},
{
"status": "affected",
"version": "5.1.2"
},
{
"status": "affected",
"version": "5.1.3"
},
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "5.3.0"
},
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "5.3.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Secure Firewall Threat Defense (FTD) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.0.1"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.2.4"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "7.2.4.1"
},
{
"status": "affected",
"version": "7.3.1.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.2.5.1"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.2.6"
},
{
"status": "affected",
"version": "7.4.1.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.2.5.2"
},
{
"status": "affected",
"version": "7.3.1.2"
},
{
"status": "affected",
"version": "7.2.8"
},
{
"status": "affected",
"version": "7.6.0"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "7.2.8.1"
},
{
"status": "affected",
"version": "7.4.2.1"
},
{
"status": "affected",
"version": "7.2.9"
},
{
"status": "affected",
"version": "7.7.0"
},
{
"status": "affected",
"version": "7.4.2.2"
},
{
"status": "affected",
"version": "7.2.10"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.4.2.3"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.7.10"
},
{
"status": "affected",
"version": "7.6.2.1"
},
{
"status": "affected",
"version": "7.7.10.1"
},
{
"status": "affected",
"version": "7.4.2.4"
},
{
"status": "affected",
"version": "7.2.10.2"
},
{
"status": "affected",
"version": "7.4.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco UTD SNORT IPS Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.9.4"
},
{
"status": "affected",
"version": "17.12.2"
},
{
"status": "affected",
"version": "17.13.1a"
},
{
"status": "affected",
"version": "17.12.3"
},
{
"status": "affected",
"version": "17.14.1a"
},
{
"status": "affected",
"version": "17.12.4"
},
{
"status": "affected",
"version": "17.12.3a"
},
{
"status": "affected",
"version": "17.15.1a"
},
{
"status": "affected",
"version": "17.16.1a"
},
{
"status": "affected",
"version": "17.9.5e"
},
{
"status": "affected",
"version": "17.12.4a"
},
{
"status": "affected",
"version": "17.15.2c"
},
{
"status": "affected",
"version": "17.12.4b"
},
{
"status": "affected",
"version": "17.15.2a"
},
{
"status": "affected",
"version": "17.12.5"
},
{
"status": "affected",
"version": "17.17.1"
},
{
"status": "affected",
"version": "17.12.5a"
},
{
"status": "affected",
"version": "17.15.3a"
},
{
"status": "affected",
"version": "17.15.3"
},
{
"status": "affected",
"version": "17.12.5b"
},
{
"status": "affected",
"version": "17.12.5c"
},
{
"status": "affected",
"version": "17.15.4"
},
{
"status": "affected",
"version": "17.18.1"
},
{
"status": "affected",
"version": "17.18.1a"
},
{
"status": "affected",
"version": "17.12.6"
},
{
"status": "affected",
"version": "17.15.4c"
},
{
"status": "affected",
"version": "17.12.5d"
},
{
"status": "affected",
"version": "17.18.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash.\r\n\r\nThis vulnerability is due to improper range checking when decompressing VBA data, which is user controlled. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause an overflow of heap data, which could cause a DoS condition."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T17:46:58.213Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ftd-snort3-vbavuls-96UcVVed",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-vbavuls-96UcVVed"
}
],
"source": {
"advisory": "cisco-sa-ftd-snort3-vbavuls-96UcVVed",
"defects": [
"CSCwq23373"
],
"discovery": "INTERNAL"
},
"title": "Cisco Secure Firewall Threat Defense Software Snort 3 Visual Basic for Application Heap Overflow Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20053",
"datePublished": "2026-03-04T17:46:58.213Z",
"dateReserved": "2025-10-08T11:59:15.355Z",
"dateUpdated": "2026-03-04T21:25:01.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2007 (GCVE-0-2026-2007)
Vulnerability from cvelistv5 – Published: 2026-02-12 13:00 – Updated: 2026-02-12 14:18
VLAI
Title
PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory
Summary
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | PostgreSQL |
Affected:
18 , < 18.2
(rpm)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T14:18:10.396498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T14:18:19.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PostgreSQL",
"vendor": "n/a",
"versions": [
{
"lessThan": "18.2",
"status": "affected",
"version": "18",
"versionType": "rpm"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "attacker has permission to install pg_trgm in a database with certain locales or pass text to an existing installation"
}
],
"credits": [
{
"lang": "en",
"value": "The PostgreSQL project thanks Heikki Linnakangas for reporting this problem."
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T13:00:11.127Z",
"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"shortName": "PostgreSQL"
},
"references": [
{
"url": "https://www.postgresql.org/support/security/CVE-2026-2007/"
}
],
"title": "PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory"
}
},
"cveMetadata": {
"assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"assignerShortName": "PostgreSQL",
"cveId": "CVE-2026-2007",
"datePublished": "2026-02-12T13:00:11.127Z",
"dateReserved": "2026-02-05T18:17:56.928Z",
"dateUpdated": "2026-02-12T14:18:19.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20185 (GCVE-0-2026-20185)
Vulnerability from cvelistv5 – Published: 2026-05-06 16:15 – Updated: 2026-05-06 17:48
VLAI
Title
Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vunerability
Summary
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.
This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.
Severity
7.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
2.5.9.54
Affected: 2.5.9.55 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T17:36:31.829064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T17:48:26.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Small Business Smart and Managed Switches",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.5.9.54"
},
{
"status": "affected",
"version": "2.5.9.55"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of\u0026nbsp;Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X)\u0026nbsp;firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.\r\nThis vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T16:15:23.838Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sg350-snmp-dos-GEFZr2Tj",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg350-snmp-dos-GEFZr2Tj"
}
],
"source": {
"advisory": "cisco-sa-sg350-snmp-dos-GEFZr2Tj",
"defects": [
"CSCwt39853"
],
"discovery": "EXTERNAL"
},
"title": "Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vunerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20185",
"datePublished": "2026-05-06T16:15:23.838Z",
"dateReserved": "2025-10-08T11:59:15.394Z",
"dateUpdated": "2026-05-06T17:48:26.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20408 (GCVE-0-2026-20408)
Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI
Summary
In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT6890
Affected: MT7615 Affected: MT7915 Affected: MT7916 Affected: MT7981 Affected: MT7986 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T04:55:40.470235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:39.421Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT7615"
},
{
"status": "affected",
"version": "MT7915"
},
{
"status": "affected",
"version": "MT7916"
},
{
"status": "affected",
"version": "MT7981"
},
{
"status": "affected",
"version": "MT7986"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:57.756Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20408",
"datePublished": "2026-02-02T08:14:56.694Z",
"dateReserved": "2025-11-03T01:30:59.008Z",
"dateUpdated": "2026-03-30T13:02:57.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20452 (GCVE-0-2026-20452)
Vulnerability from cvelistv5 – Published: 2026-06-01 03:20 – Updated: 2026-06-02 03:55
VLAI
Summary
In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT6890
Affected: MT7615 Affected: MT7915 Affected: MT7916 Affected: MT7981 Affected: MT7986 Affected: MT7990 Affected: MT7992 Affected: MT7993 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20452",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T03:55:38.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT7615"
},
{
"status": "affected",
"version": "MT7915"
},
{
"status": "affected",
"version": "MT7916"
},
{
"status": "affected",
"version": "MT7981"
},
{
"status": "affected",
"version": "MT7986"
},
{
"status": "affected",
"version": "MT7990"
},
{
"status": "affected",
"version": "MT7992"
},
{
"status": "affected",
"version": "MT7993"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T03:20:08.315Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/June-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20452",
"datePublished": "2026-06-01T03:20:08.315Z",
"dateReserved": "2025-11-03T01:30:59.013Z",
"dateUpdated": "2026-06-02T03:55:38.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2047 (GCVE-0-2026-2047)
Vulnerability from cvelistv5 – Published: 2026-02-20 22:23 – Updated: 2026-02-26 14:44
VLAI
Title
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Summary
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28530.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://gitlab.gnome.org/GNOME/gimp/-/merge_reque… | vendor-advisory |
Date Public
2026-02-19 14:22
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-21T04:56:38.963084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:12.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GIMP",
"vendor": "GIMP",
"versions": [
{
"status": "affected",
"version": "3.0.6"
}
]
}
],
"dateAssigned": "2026-02-06T01:16:39.051Z",
"datePublic": "2026-02-19T14:22:34.916Z",
"descriptions": [
{
"lang": "en",
"value": "GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28530."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T22:23:41.576Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-26-120",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-120/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2600/diffs?commit_id=dd2faac351f1ff2588529fedc606e6a5f815577c"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2026-2047",
"datePublished": "2026-02-20T22:23:41.576Z",
"dateReserved": "2026-02-06T01:16:39.038Z",
"dateUpdated": "2026-02-26T14:44:12.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2049 (GCVE-0-2026-2049)
Vulnerability from cvelistv5 – Published: 2026-06-10 21:22 – Updated: 2026-06-11 13:25
VLAI
Title
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Summary
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28618.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://gitlab.gnome.org/GNOME/gegl/-/issues/450 | vendor-advisory |
Date Public
2026-03-16 21:37
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T13:24:54.417942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T13:25:06.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GIMP",
"vendor": "GIMP",
"versions": [
{
"status": "affected",
"version": "3.2.0-RC1"
}
]
}
],
"dateAssigned": "2026-02-06T01:17:36.221Z",
"datePublic": "2026-03-16T21:37:38.872Z",
"descriptions": [
{
"lang": "en",
"value": "GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28618."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T21:22:47.059Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-26-214",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-214/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://gitlab.gnome.org/GNOME/gegl/-/issues/450"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2026-2049",
"datePublished": "2026-06-10T21:22:47.059Z",
"dateReserved": "2026-02-06T01:17:36.198Z",
"dateUpdated": "2026-06-11T13:25:06.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20766 (GCVE-0-2026-20766)
Vulnerability from cvelistv5 – Published: 2026-04-27 23:45 – Updated: 2026-04-28 14:39
VLAI
Title
Milesight Cameras Heap-based Buffer Overflow
Summary
An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
82 products
| Vendor | Product | Version | |
|---|---|---|---|
| Milesight | MS-Cxx63-PD |
Affected:
0 , ≤ 51.7.0.77-r12
(custom)
|
|
| Milesight | MS-Cxx64-xPD |
Affected:
0 , ≤ 51.7.0.77-r12
(custom)
|
|
| Milesight | MS-Cxx73-xPD |
Affected:
0 , ≤ 51.7.0.77-r12
(custom)
|
|
| Milesight | MS-Cxx75-xxPD |
Affected:
0 , ≤ 51.7.0.77-r12
(custom)
|
|
| Milesight | MS-Cxx83-xPD |
Affected:
0 , ≤ 51.7.0.77-r12
(custom)
|
|
| Milesight | MS-Cxx74-PA |
Affected:
0 , ≤ 3x.8.0.3-r11
(custom)
|
|
| Milesight | MS-C8477-HPG1 |
Affected:
0 , ≤ 63.8.0.4-r3
(custom)
|
|
| Milesight | MS-C8477-PC |
Affected:
0 , ≤ 48.8.0.4-r3
(custom)
|
|
| Milesight | MS-C5321-FPE |
Affected:
0 , ≤ 62.8.0.4-r5
(custom)
|
|
| Milesight | MS-Cxx72-xxxPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx62-xxxPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx52-xxxPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx66-xxxPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx66-xxxGPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx61-xxxPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx67-xxxPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx71-xxxPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx41-xxxPE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx76-PE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx65-PE |
Affected:
0 , ≤ 61.8.0.5-r2
(custom)
|
|
| Milesight | MS-Cxx66-xxxG1 |
Affected:
0 , ≤ 63.8.0.5-r3
(custom)
|
|
| Milesight | MS-Cxx62-xxxG1 |
Affected:
0 , ≤ 63.8.0.5-r3
(custom)
|
|
| Milesight | MS-Cxx72-xxxG1 |
Affected:
0 , ≤ 63.8.0.5-r3
(custom)
|
|
| Milesight | MS-CQxx31-xxxG1 |
Affected:
0 , ≤ CQ_63.8.0.5-r1
(custom)
|
|
| Milesight | MS-CQxx68-xxxG1 |
Affected:
0 , ≤ CQ_63.8.0.5-r1
(custom)
|
|
| Milesight | MS-CQxx72-xxxG1 |
Affected:
0 , ≤ CQ_63.8.0.5-r1
(custom)
|
|
| Milesight | MS-Nxxxx-NxE |
Affected:
0 , ≤ 7x.9.0.19-r5
(custom)
|
|
| Milesight | MS-Nxxxx-xxC |
Affected:
0 , ≤ 7x.9.0.19-r5
(custom)
|
|
| Milesight | MS-Nxxxx-xxE |
Affected:
0 , ≤ 7x.9.0.19-r5
(custom)
|
|
| Milesight | MS-Nxxxx-xxG |
Affected:
0 , ≤ 7x.9.0.19-r5
(custom)
|
|
| Milesight | MS-Nxxxx-xxH |
Affected:
0 , ≤ 7x.9.0.19-r5
(custom)
|
|
| Milesight | MS-Nxxxx-xxT |
Affected:
0 , ≤ 7x.9.0.19-r5
(custom)
|
|
| Milesight | PMC8266-FPE |
Affected:
0 , ≤ PO_61.8.0.4_LPR
(custom)
|
|
| Milesight | PMC8266-FGPE |
Affected:
0 , ≤ PO_61.8.0.4_LPR
(custom)
|
|
| Milesight | PM3322-E |
Affected:
0 , ≤ PI_61.8.0.3_LPR-r3
(custom)
|
|
| Milesight | TS4466-X4RIPG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS5366-X12RIPG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS8266-X4RIPG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS4466-X4RIVPG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS4466-RFIVPG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS8266-X4RIVPG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS8266-RFIVPG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS4466-X4RIWG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS8266-X4RIWG1 |
Affected:
0 , ≤ T_63.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS5510-GVH |
Affected:
0 , ≤ T_47.8.0.4_LPR-r7
(custom)
|
|
| Milesight | TS5510-GH |
Affected:
0 , ≤ T_47.8.0.4_LPR-r6
(custom)
|
|
| Milesight | TS5511-GVH |
Affected:
0 , ≤ T_47.8.0.4_LPR-r6
(custom)
|
|
| Milesight | TS2966-X12TPE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS4466-X4RPE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS5366-X12PE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS8266-X4PE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS2966-X12TVPE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS4466-X4RVPE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS5366-X12VPE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS8266-X4VPE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS4441-X36RPE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS4441-X36RE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS4466-X4RWE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | TS8266-X4WE |
Affected:
0 , ≤ T_61.8.0.4_LPR-r3
(custom)
|
|
| Milesight | MS-C2964-RFLPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | MS-C2972-RFLPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | MS-C2966-RFLWPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | TS2866-X4TPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | TS2866-X4TVPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | TS2866-X4TGPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | TS2841-X36TPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | TS2841-X36TPC/W |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | TS2867-X5TPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | TS2961-X12TPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | TS8266-FPC/P |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | MS-C2966-X12RLPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | MS-C2966-X12RLVPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | MS-C5366-X12LPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | MS-C5366-X12LVPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | MS-C5361-X12LPC |
Affected:
0 , ≤ T_45.8.0.3-r9
(custom)
|
|
| Milesight | MS-Cxx66-xxxxGOPC |
Affected:
0 , ≤ 45.8.0.2-AIoT-r4
(custom)
|
|
| Milesight | SC211 |
Affected:
0 , ≤ C_21.1.0.8-r4
(custom)
|
|
| Milesight | SP111 |
Affected:
0 , ≤ 52.8.0.4-r5
(custom)
|
|
| Milesight | MS-Cxx66-RFIPKG1 |
Affected:
0 , ≤ 63.8.0.4-r1-NX
(custom)
|
|
| Milesight | MS-Cxx72-RFIPKG1 |
Affected:
0 , ≤ 63.8.0.4-r1-NX
(custom)
|
|
| Milesight | MS-Cxx66-FIPKG1 |
Affected:
0 , ≤ 63.8.0.4-r1-NX
(custom)
|
|
| Milesight | MS-Cxx72-FIPKG1 |
Affected:
0 , ≤ 63.8.0.4-r1-NX
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T14:37:23.854997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T14:39:17.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MS-Cxx63-PD",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "51.7.0.77-r12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx64-xPD",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "51.7.0.77-r12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx73-xPD",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "51.7.0.77-r12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx75-xxPD",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "51.7.0.77-r12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx83-xPD",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "51.7.0.77-r12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx74-PA",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "3x.8.0.3-r11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C8477-HPG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "63.8.0.4-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C8477-PC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "48.8.0.4-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C5321-FPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "62.8.0.4-r5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx72-xxxPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx62-xxxPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx52-xxxPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx66-xxxPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx66-xxxGPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx61-xxxPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx67-xxxPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx71-xxxPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx41-xxxPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx76-PE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx65-PE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "61.8.0.5-r2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx66-xxxG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "63.8.0.5-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx62-xxxG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "63.8.0.5-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx72-xxxG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "63.8.0.5-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-CQxx31-xxxG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "CQ_63.8.0.5-r1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-CQxx68-xxxG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "CQ_63.8.0.5-r1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-CQxx72-xxxG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "CQ_63.8.0.5-r1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Nxxxx-NxE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "7x.9.0.19-r5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Nxxxx-xxC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "7x.9.0.19-r5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Nxxxx-xxE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "7x.9.0.19-r5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Nxxxx-xxG",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "7x.9.0.19-r5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Nxxxx-xxH",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "7x.9.0.19-r5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Nxxxx-xxT",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "7x.9.0.19-r5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PMC8266-FPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "PO_61.8.0.4_LPR",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PMC8266-FGPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "PO_61.8.0.4_LPR",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PM3322-E",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "PI_61.8.0.3_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4466-X4RIPG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS5366-X12RIPG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS8266-X4RIPG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4466-X4RIVPG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4466-RFIVPG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS8266-X4RIVPG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS8266-RFIVPG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4466-X4RIWG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS8266-X4RIWG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_63.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS5510-GVH",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_47.8.0.4_LPR-r7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS5510-GH",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_47.8.0.4_LPR-r6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS5511-GVH",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_47.8.0.4_LPR-r6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2966-X12TPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4466-X4RPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS5366-X12PE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS8266-X4PE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2966-X12TVPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4466-X4RVPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS5366-X12VPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS8266-X4VPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4441-X36RPE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4441-X36RE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS4466-X4RWE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS8266-X4WE",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_61.8.0.4_LPR-r3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C2964-RFLPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C2972-RFLPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C2966-RFLWPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2866-X4TPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2866-X4TVPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2866-X4TGPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2841-X36TPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2841-X36TPC/W",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2867-X5TPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS2961-X12TPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TS8266-FPC/P",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C2966-X12RLPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C2966-X12RLVPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C5366-X12LPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C5366-X12LVPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-C5361-X12LPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "T_45.8.0.3-r9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx66-xxxxGOPC",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "45.8.0.2-AIoT-r4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SC211",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "C_21.1.0.8-r4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SP111",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "52.8.0.4-r5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx66-RFIPKG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "63.8.0.4-r1-NX",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx72-RFIPKG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "63.8.0.4-r1-NX",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx66-FIPKG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "63.8.0.4-r1-NX",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MS-Cxx72-FIPKG1",
"vendor": "Milesight",
"versions": [
{
"lessThanOrEqual": "63.8.0.4-r1-NX",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar reported these vulnerabilities to CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eAn out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.\u003c/span\u003e"
}
],
"value": "An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T23:45:52.896Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json"
},
{
"url": "https://www.milesight.com/support/download/firmware"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMilesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://www.milesight.com/support/download/firmware\" title=\"(opens in a new window)\"\u003ehttps://www.milesight.com/support/download/firmware\u003c/a\u003e\u003c/p\u003e\u003cp\u003eMS-Cxx63-PD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx64-xPD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx73-xPD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx75-xxPD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx83-xPD: Update to 51.7.0.77-r13\u003c/p\u003e\u003cp\u003eMS-Cxx74-PA: Update to 3x.8.0.3-r13\u003c/p\u003e\u003cp\u003eMS-C8477-HPG1: Update to 63.8.0.4-r4\u003c/p\u003e\u003cp\u003e\u0026nbsp;MS-C8477-PC: Update to 48.8.0.4-r4\u003c/p\u003e\u003cp\u003eMS-C5321-FPE: Update to 62.8.0.4-r6\u003c/p\u003e\u003cp\u003eMS-Cxx72-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx62-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx52-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx66-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx66-xxxGPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx61-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx67-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx71-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx41-xxxPE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx76-PE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx65-PE: Update to 61.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Cxx66-xxxG1: Update to 63.8.0.5-r4\u003c/p\u003e\u003cp\u003eMS-Cxx62-xxxG1: Update to 63.8.0.5-r4\u003c/p\u003e\u003cp\u003eMS-Cxx72-xxxG1: Update to 63.8.0.5-r4\u003c/p\u003e\u003cp\u003eMS-CQxx31-xxxG1: Update to CQ_63.8.0.5-r2\u0026nbsp;\u003c/p\u003e\u003cp\u003eMS-CQxx68-xxxG1: Update to CQ_63.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-CQxx72-xxxG1: Update to CQ_63.8.0.5-r2\u003c/p\u003e\u003cp\u003eMS-Nxxxx-NxE: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxC: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxE: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxG: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxH: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003eMS-Nxxxx-xxT: Update to 7x.9.0.19-r6\u003c/p\u003e\u003cp\u003ePMC8266-FPE: Update to PO_61.8.0.4-r1\u003c/p\u003e\u003cp\u003ePMC8266-FGPE: Update to PO_61.8.0.4-r1\u003c/p\u003e\u003cp\u003ePM3322-E: Update to PI_61.8.0.3-r5\u003c/p\u003e\u003cp\u003eTS4466-X4RIPG1: Update to T_63.8.0.4-r4\u0026nbsp;\u003c/p\u003e\u003cp\u003eTS5366-X12RIPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4RIPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RIVPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-RFIVPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4RIVPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-RFIVPG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RIWG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4RIWG1: Update to T_63.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS5510-GVH: Update to T_47.8.0.4-r8\u003c/p\u003e\u003cp\u003eTS5510-GH: Update to T_47.8.0.4-r8\u003c/p\u003e\u003cp\u003eTS5511-GVH: Update to T_47.8.0.4-r8\u003c/p\u003e\u003cp\u003eTS2966-X12TPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS5366-X12PE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4PE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS2966-X12TVPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RVPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS5366-X12VPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4VPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4441-X36RPE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4441-X36RE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS4466-X4RWE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eTS8266-X4WE: Update to T_61.8.0.4-r4\u003c/p\u003e\u003cp\u003eMS-C2964-RFLPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C2972-RFLPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C2966-RFLWPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2866-X4TPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2866-X4TVPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2866-X4TGPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2841-X36TPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2841-X36TPC/W: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2867-X5TPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS2961-X12TPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eTS8266-FPC/P: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C2966-X12RLPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C2966-X12RLVPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C5366-X12LPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C5366-X12LVPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-C5361-X12LPC: Update to T_45.8.0.3-r10\u003c/p\u003e\u003cp\u003eMS-Cxx66-xxxxGOPC: Update to 45.8.0.2-AIoT-r5\u003c/p\u003e\u003cp\u003eSC211: Update to C_21.1.0.8-r5\u003c/p\u003e\u003cp\u003eSP111: Update to 52.8.0.4-r6\u003c/p\u003e\u003cp\u003eMS-Cxx66-RFIPKG1: Update to 63.8.0.5-r2-NX\u003c/p\u003e\u003cp\u003eMS-Cxx72-RFIPKG1: Update to 63.8.0.5-r2-NX\u003c/p\u003e\u003cp\u003eMS-Cxx66-FIPKG1: Update to 63.8.0.5-r2-NX\u003c/p\u003e\u003cp\u003eMS-Cxx72-FIPKG1: Update to 63.8.0.5-r2-NX\u003c/p\u003e"
}
],
"value": "Milesight advises all users to update their device to the latest firmware versions of PE/PC/PA found at https://www.milesight.com/support/download/firmware.\u00a0\n https://www.milesight.com/support/download/firmware \n\nMS-Cxx63-PD: Update to 51.7.0.77-r13\n\nMS-Cxx64-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx73-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx75-xxPD: Update to 51.7.0.77-r13\n\nMS-Cxx83-xPD: Update to 51.7.0.77-r13\n\nMS-Cxx74-PA: Update to 3x.8.0.3-r13\n\nMS-C8477-HPG1: Update to 63.8.0.4-r4\n\n\u00a0MS-C8477-PC: Update to 48.8.0.4-r4\n\nMS-C5321-FPE: Update to 62.8.0.4-r6\n\nMS-Cxx72-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx62-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx52-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxGPE: Update to 61.8.0.5-r2\n\nMS-Cxx61-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx67-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx71-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx41-xxxPE: Update to 61.8.0.5-r2\n\nMS-Cxx76-PE: Update to 61.8.0.5-r2\n\nMS-Cxx65-PE: Update to 61.8.0.5-r2\n\nMS-Cxx66-xxxG1: Update to 63.8.0.5-r4\n\nMS-Cxx62-xxxG1: Update to 63.8.0.5-r4\n\nMS-Cxx72-xxxG1: Update to 63.8.0.5-r4\n\nMS-CQxx31-xxxG1: Update to CQ_63.8.0.5-r2\u00a0\n\nMS-CQxx68-xxxG1: Update to CQ_63.8.0.5-r2\n\nMS-CQxx72-xxxG1: Update to CQ_63.8.0.5-r2\n\nMS-Nxxxx-NxE: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxC: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxE: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxG: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxH: Update to 7x.9.0.19-r6\n\nMS-Nxxxx-xxT: Update to 7x.9.0.19-r6\n\nPMC8266-FPE: Update to PO_61.8.0.4-r1\n\nPMC8266-FGPE: Update to PO_61.8.0.4-r1\n\nPM3322-E: Update to PI_61.8.0.3-r5\n\nTS4466-X4RIPG1: Update to T_63.8.0.4-r4\u00a0\n\nTS5366-X12RIPG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIPG1: Update to T_63.8.0.4-r4\n\nTS4466-X4RIVPG1: Update to T_63.8.0.4-r4\n\nTS4466-RFIVPG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIVPG1: Update to T_63.8.0.4-r4\n\nTS8266-RFIVPG1: Update to T_63.8.0.4-r4\n\nTS4466-X4RIWG1: Update to T_63.8.0.4-r4\n\nTS8266-X4RIWG1: Update to T_63.8.0.4-r4\n\nTS5510-GVH: Update to T_47.8.0.4-r8\n\nTS5510-GH: Update to T_47.8.0.4-r8\n\nTS5511-GVH: Update to T_47.8.0.4-r8\n\nTS2966-X12TPE: Update to T_61.8.0.4-r4\n\nTS4466-X4RPE: Update to T_61.8.0.4-r4\n\nTS5366-X12PE: Update to T_61.8.0.4-r4\n\nTS8266-X4PE: Update to T_61.8.0.4-r4\n\nTS2966-X12TVPE: Update to T_61.8.0.4-r4\n\nTS4466-X4RVPE: Update to T_61.8.0.4-r4\n\nTS5366-X12VPE: Update to T_61.8.0.4-r4\n\nTS8266-X4VPE: Update to T_61.8.0.4-r4\n\nTS4441-X36RPE: Update to T_61.8.0.4-r4\n\nTS4441-X36RE: Update to T_61.8.0.4-r4\n\nTS4466-X4RWE: Update to T_61.8.0.4-r4\n\nTS8266-X4WE: Update to T_61.8.0.4-r4\n\nMS-C2964-RFLPC: Update to T_45.8.0.3-r10\n\nMS-C2972-RFLPC: Update to T_45.8.0.3-r10\n\nMS-C2966-RFLWPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TVPC: Update to T_45.8.0.3-r10\n\nTS2866-X4TGPC: Update to T_45.8.0.3-r10\n\nTS2841-X36TPC: Update to T_45.8.0.3-r10\n\nTS2841-X36TPC/W: Update to T_45.8.0.3-r10\n\nTS2867-X5TPC: Update to T_45.8.0.3-r10\n\nTS2961-X12TPC: Update to T_45.8.0.3-r10\n\nTS8266-FPC/P: Update to T_45.8.0.3-r10\n\nMS-C2966-X12RLPC: Update to T_45.8.0.3-r10\n\nMS-C2966-X12RLVPC: Update to T_45.8.0.3-r10\n\nMS-C5366-X12LPC: Update to T_45.8.0.3-r10\n\nMS-C5366-X12LVPC: Update to T_45.8.0.3-r10\n\nMS-C5361-X12LPC: Update to T_45.8.0.3-r10\n\nMS-Cxx66-xxxxGOPC: Update to 45.8.0.2-AIoT-r5\n\nSC211: Update to C_21.1.0.8-r5\n\nSP111: Update to 52.8.0.4-r6\n\nMS-Cxx66-RFIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx72-RFIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx66-FIPKG1: Update to 63.8.0.5-r2-NX\n\nMS-Cxx72-FIPKG1: Update to 63.8.0.5-r2-NX"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMilesight asks all users to report potential security vulnerabilities to security@milesight.com.\u003cbr\u003e\u003ca href=\"mailto:security@milesight.com\"\u003emailto:security@milesight.com\u003c/a\u003e\u003cbr\u003eLearn more: Milesight Vulnerability Reporting Policy\u003cbr\u003e\u003ca href=\"https://www.milesight.com/legal/vulnerability-report\" title=\"(opens in a new window)\"\u003ehttps://www.milesight.com/legal/vulnerability-report\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Milesight asks all users to report potential security vulnerabilities to security@milesight.com.\n mailto:security@milesight.com \nLearn more: Milesight Vulnerability Reporting Policy\n https://www.milesight.com/legal/vulnerability-report"
}
],
"source": {
"advisory": "ICSA-26-113-03",
"discovery": "EXTERNAL"
},
"title": "Milesight Cameras Heap-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-20766",
"datePublished": "2026-04-27T23:45:52.896Z",
"dateReserved": "2026-03-12T17:51:09.860Z",
"dateUpdated": "2026-04-28T14:39:17.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20777 (GCVE-0-2026-20777)
Vulnerability from cvelistv5 – Published: 2026-03-03 14:32 – Updated: 2026-03-03 15:17
VLAI
Summary
A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Biosig Project | libbiosig |
Affected:
3.9.2
Affected: Master Branch (db9a9a63) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-03T15:13:53.561647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T15:14:07.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-03-03T15:17:02.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2362"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libbiosig",
"vendor": "The Biosig Project",
"versions": [
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "Master Branch (db9a9a63)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Mark Bereza and Lilith \u0026gt;_\u0026gt; of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T14:32:14.987Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2026-20777",
"datePublished": "2026-03-03T14:32:14.987Z",
"dateReserved": "2026-01-28T12:55:18.367Z",
"dateUpdated": "2026-03-03T15:17:02.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phases:
Description:
- Pre-design: Use a language or compiler that performs automatic bounds checking.
Mitigation
Phase: Architecture and Design
Description:
- Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation ID: MIT-10
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation ID: MIT-11
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation
Phase: Implementation
Description:
- Implement and perform bounds checking on input.
Mitigation
Phase: Implementation
Strategy: Libraries or Frameworks
Description:
- Do not use dangerous functions such as gets. Look for their safe equivalent, which checks for the boundary.
Mitigation
Phase: Operation
Description:
- Use OS-level preventative functionality. This is not a complete solution, but it provides some defense in depth.
CAPEC-92: Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.