{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24794", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:18:43.267Z", "datePublished": "2026-01-27T08:21:22.643Z", "dateUpdated": "2026-01-27T21:39:21.583Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/CardboardPowered/cardboard", "defaultStatus": "unaffected", "modules": ["src/main/java/org/cardboardpowered/impl/world"], "product": "cardboard", "programFiles": ["WorldImpl.java"], "vendor": "CardboardPowered", "versions": [{"lessThan": "1.21.4", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard (src/main/java/org/cardboardpowered/impl/world modules).<p> This vulnerability is associated with program files <tt>WorldImpl.Java</tt>.</p><p>This issue affects cardboard: before 1.21.4.</p>"}], "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard (src/main/java/org/cardboardpowered/impl/world modules). This vulnerability is associated with program files WorldImpl.Java.\n\nThis issue affects cardboard: before 1.21.4."}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.2, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:21:22.643Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/CardboardPowered/cardboard/pull/506"}], "source": {"discovery": "UNKNOWN"}, "title": "Chunk Unloading Security Vulnerability in CardboardPowered/cardboard", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T21:10:08.693937Z", "id": "CVE-2026-24794", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T21:39:21.583Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24794", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T21:10:08.693937Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T21:10:11.365Z"}}], "cna": {"title": "Chunk Unloading Security Vulnerability in CardboardPowered/cardboard", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 9.2, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/V:C/RE:M/U:Red", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "CardboardPowered", "modules": ["src/main/java/org/cardboardpowered/impl/world"], "product": "cardboard", "versions": [{"status": "affected", "version": "0", "lessThan": "1.21.4", "versionType": "git"}], "programFiles": ["WorldImpl.java"], "collectionURL": "https://github.com/CardboardPowered/cardboard", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/CardboardPowered/cardboard/pull/506", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard (src/main/java/org/cardboardpowered/impl/world modules). This vulnerability is associated with program files WorldImpl.Java.\n\nThis issue affects cardboard: before 1.21.4.", "supportingMedia": [{"type": "text/html", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard (src/main/java/org/cardboardpowered/impl/world modules).<p> This vulnerability is associated with program files <tt>WorldImpl.Java</tt>.</p><p>This issue affects cardboard: before 1.21.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:21:22.643Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24794", "state": "PUBLISHED", "dateUpdated": "2026-01-27T21:39:21.583Z", "dateReserved": "2026-01-27T08:18:43.267Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T08:21:22.643Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard (src/main/java/org/cardboardpowered/impl/world modules). This vulnerability is associated with program files WorldImpl.Java.\n\nThis issue affects cardboard: before 1.21.4."}, {"lang": "es", "value": "Vulnerabilidad de Restricci\u00f3n Inadecuada de Operaciones dentro de los L\u00edmites de un B\u00fafer de Memoria en CardboardPowered cardboard (m\u00f3dulos src/main/java/org/cardboardpowered/impl/world). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa WorldImpl.Java.\n\nEste problema afecta a cardboard: antes de 1.21.4."}], "id": "CVE-2026-24794", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.2, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T09:15:49.090", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/CardboardPowered/cardboard/pull/506"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T14:56:40.236317+00:00", "value": {"mitigation_remediation": ["Upgrade to CardboardPowered cardboard version 1.21.4 or newer to address the buffer overflow in world chunk unloading logic.", "If an immediate upgrade is not possible, disable or restrict the world chunk unloading feature in the server configuration to limit exposure to the vulnerability.", "Monitor for abnormal world unload activity to detect potential exploitation attempts."], "summary": {"action": "Immediate Patch", "impact": "Potential memory corruption due to a buffer overflow that could lead to remote code execution"}, "threat_synthesis": {"affected_systems": "The affected product is CardboardPowered cardboard. All versions prior to 1.21.4 are vulnerable. No other vendors or product versions are listed in the CVE record.", "description_and_impact": "An improper restriction of operations within the bounds of a memory buffer exists in the CardboardPowered cardboard server implementation. The flaw is located in the world unloading logic, specifically within the WorldImpl.Java module. When a world chunk is unloaded, data is not correctly bounded before being written or read, which can corrupt memory. This vulnerability may allow an attacker to overwrite critical data structures or execute arbitrary code. The description does not explicitly state a confirmed exploit, but the nature of the flaw suggests the potential for remote code execution or denial of service.", "risk_and_exploitability": "The CVSS score of 9.2 indicates a high severity. EPSS is reported as less than 1%, meaning the probability of exploitation is currently very low, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves a malicious user triggering the world chunk unloading process through the server\u2019s management interface or by manipulating player movement, which would require access to the server environment. While no active exploits are known, the high CVSS combined with the memory corruption potential means that, if exploited, an attacker could hijack execution flow, gain privileged access, or disrupt service."}}}}, "created": "2026-01-27T20:17:08.937688+00:00", "updated": "2026-04-18T15:00:03.451748+00:00", "vendors": ["cardboardpowered", "cardboardpowered$PRODUCT$cardboard"]}