{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24801", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:18:43.268Z", "datePublished": "2026-01-27T08:36:25.407Z", "dateUpdated": "2026-03-03T15:57:24.371Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/Ralim/IronOS", "defaultStatus": "affected", "modules": ["source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source"], "product": "IronOS", "programFiles": ["ecc_dsa.c"], "vendor": "Ralim", "versions": [{"lessThan": "v2.23-rc3", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerability in Ralim IronOS (source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source modules).<p> This vulnerability is associated with program files <tt>ecc_dsa.C</tt>.</p><p>This issue affects IronOS: before v2.23-rc3.</p>"}], "value": "Vulnerability in Ralim IronOS (source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source modules). This vulnerability is associated with program files ecc_dsa.C.\n\nThis issue affects IronOS: before v2.23-rc3."}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "PHYSICAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/S:N/AU:N/R:U/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:36:25.407Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/Ralim/IronOS/pull/2087"}], "source": {"discovery": "UNKNOWN"}, "title": "A Potential SPA-vulnerability in Ralim/IronOS", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T17:02:46.408520Z", "id": "CVE-2026-24801", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T15:57:24.371Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24801", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-27T17:02:46.408520Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T17:02:52.519Z"}}], "cna": {"title": "A Potential SPA-vulnerability in Ralim/IronOS", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 6.9, "Automatable": "NO", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/S:N/AU:N/R:U/V:C/RE:M/U:Red", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ralim", "modules": ["source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source"], "product": "IronOS", "versions": [{"status": "affected", "version": "0", "lessThan": "v2.23-rc3", "versionType": "git"}], "programFiles": ["ecc_dsa.c"], "collectionURL": "https://github.com/Ralim/IronOS", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/Ralim/IronOS/pull/2087", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Vulnerability in Ralim IronOS (source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source modules). This vulnerability is associated with program files ecc_dsa.C.\n\nThis issue affects IronOS: before v2.23-rc3.", "supportingMedia": [{"type": "text/html", "value": "Vulnerability in Ralim IronOS (source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source modules).<p> This vulnerability is associated with program files <tt>ecc_dsa.C</tt>.</p><p>This issue affects IronOS: before v2.23-rc3.</p>", "base64": false}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:36:25.407Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24801", "state": "PUBLISHED", "dateUpdated": "2026-03-03T15:57:24.371Z", "dateReserved": "2026-01-27T08:18:43.268Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T08:36:25.407Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in Ralim IronOS (source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source modules). This vulnerability is associated with program files ecc_dsa.C.\n\nThis issue affects IronOS: before v2.23-rc3."}, {"lang": "es", "value": "Vulnerabilidad en Ralim IronOS (m\u00f3dulos source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa ecc_dsa.C.\n\nEste problema afecta a IronOS: antes de la v2.23-rc3."}], "id": "CVE-2026-24801", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T09:15:50.057", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/Ralim/IronOS/pull/2087"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T17:38:50.317774+00:00", "value": {"mitigation_remediation": ["Upgrade IronOS firmware to v2.23-rc3 or later, which removes the vulnerable ecc_dsa.C code.", "Disable or restrict unused BLE services to reduce the attack surface that could be exploited through path traversal.", "Verify that the device\u2019s configuration restricts file access to the intended directories, ensuring that even if the flaw is present, file permissions limit the potential impact."], "summary": {"action": "Upgrade", "impact": "Directory Traversal"}, "threat_synthesis": {"affected_systems": "Ralim IronOS firmware versions prior to v2.23-rc3 are affected. Any deployment of these firmware releases inherits the path traversal defect in the tinycrypt layers, regardless of external modules or configurations. Users running older IronOS builds should verify the firmware version and consider upgrading to avoid the disclosed weakness.", "description_and_impact": "A path traversal flaw exists in the tinycrypt library modules referenced by ecc_dsa.C within Ralim IronOS. The defect could allow an attacker to construct input that references files outside the intended directory, potentially exposing sensitive configuration files or allowing arbitrary file read. Although the description does not explicitly state a remote code execution vector, path traversal vulnerabilities are commonly leveraged to gain further footholds or to read executable binaries, which can lead to compromise. The vulnerability is specifically tied to the BLE stack component, indicating that the attack may occur through the device\u2019s BLE interface or any middleware that processes BLE data.", "risk_and_exploitability": "The CVSS v3.1 base score of 6.9 denotes a moderate severity defect. The EPSS score of less than 1% indicates a very low probability of exploitation at the time of this assessment, and the vulnerability is not listed in the CISA KEV catalog. The most likely attack surface involves the device\u2019s BLE interface or associated management services, where crafted inputs could trigger the path traversal. The impact is confinement to information disclosure or file access, but could serve as a step toward a broader compromise depending on the system\u2019s configuration and the sensitivity of the exposed files."}}}}, "created": "2026-01-27T20:16:57.134340+00:00", "updated": "2026-04-16T17:45:27.371404+00:00", "vendors": ["ralim", "ralim$PRODUCT$ironos"]}