{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24822", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:48:56.893Z", "datePublished": "2026-01-27T08:58:45.455Z", "dateUpdated": "2026-01-27T16:59:40.636Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/ttttupup/wxhelper", "defaultStatus": "unaffected", "modules": ["src"], "product": "wxhelper", "programFiles": ["mongoose.c"], "vendor": "ttttupup", "versions": [{"lessThanOrEqual": "3.9.10.19-v1", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules).<p> This vulnerability is associated with program files <tt>mongoose.C</tt>.</p><p>This issue affects wxhelper: through 3.9.10.19-v1.</p>"}], "value": "Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules). This vulnerability is associated with program files mongoose.C.\n\nThis issue affects wxhelper: through 3.9.10.19-v1."}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 10, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:D/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:58:45.455Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/ttttupup/wxhelper/pull/515"}], "source": {"discovery": "UNKNOWN"}, "title": "a heap-based buffer overflow vulnerability in ttttupup/wxhelper via src/mongoose.", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T16:59:32.762818Z", "id": "CVE-2026-24822", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T16:59:40.636Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24822", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-27T16:59:32.762818Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T16:59:37.400Z"}}], "cna": {"title": "a heap-based buffer overflow vulnerability in ttttupup/wxhelper via src/mongoose.", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 10, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:D/RE:M/U:Red", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ttttupup", "modules": ["src"], "product": "wxhelper", "versions": [{"status": "affected", "version": "0", "versionType": "git", "lessThanOrEqual": "3.9.10.19-v1"}], "programFiles": ["mongoose.c"], "collectionURL": "https://github.com/ttttupup/wxhelper", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/ttttupup/wxhelper/pull/515", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules). This vulnerability is associated with program files mongoose.C.\n\nThis issue affects wxhelper: through 3.9.10.19-v1.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules).<p> This vulnerability is associated with program files <tt>mongoose.C</tt>.</p><p>This issue affects wxhelper: through 3.9.10.19-v1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:58:45.455Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24822", "state": "PUBLISHED", "dateUpdated": "2026-01-27T16:59:40.636Z", "dateReserved": "2026-01-27T08:48:56.893Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T08:58:45.455Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules). This vulnerability is associated with program files mongoose.C.\n\nThis issue affects wxhelper: through 3.9.10.19-v1."}, {"lang": "es", "value": "Escritura fuera de l\u00edmites, vulnerabilidad de desbordamiento de b\u00fafer basado en mont\u00edculo en ttttupup wxhelper (m\u00f3dulos src). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa mongoose.C.\n\nEste problema afecta a wxhelper: hasta la 3.9.10.19-v1."}], "id": "CVE-2026-24822", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T09:15:52.937", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/ttttupup/wxhelper/pull/515"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-787"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T14:53:03.896306+00:00", "value": {"mitigation_remediation": ["Upgrade to a patched version of wxhelper when it becomes available from the maintainers.", "Restrict incoming data to only trusted sources and apply validation or sanitization before it reaches the mongoose module to prevent malformed input.", "Run the wxhelper service with the least privileges necessary and limit its network exposure to trusted hosts.", "Configure operating\u2011system level hardening such as ASLR, DEP, and heap randomization to reduce the impact of any remaining buffer overflows."], "summary": {"action": "Immediate Patch", "impact": "Heap\u2011based buffer overflow causing memory corruption"}, "threat_synthesis": {"affected_systems": "The wxhelper application from the ttttupup project is affected. All releases up to and including version 3.9.10.19\u2011v1 contain the vulnerability in the source file mongoose.C that is used by wxhelper modules.", "description_and_impact": "Out\u2011of\u2011bounds write in the mongoose module of wxhelper leads to a heap\u2011based buffer overflow. The overflow can corrupt memory, potentially resulting in application crashes or data integrity failures. In the worst case, the corrupted memory could be leveraged to execute arbitrary code, though the CVE description does not explicitly confirm this outcome.", "risk_and_exploitability": "The CVSS score is 10, indicating critical severity. The EPSS score is below 1%, implying a very low exploitation probability as of this analysis, and the vulnerability is not listed in the CISA KEV catalog, so no public exploits are known. Based on the description, it is inferred that an attacker could supply malformed input to the mongoose module\u2014potentially via a network service or a local file\u2014to trigger the overflow. The attack vector could be remote if the module accepts external input, or local if the service runs with sufficient privileges on the host. The high severity and the possibility of arbitrary code execution make the risk significant once the flaw is exploited."}}}}, "created": "2026-01-27T20:17:17.562416+00:00", "updated": "2026-04-18T15:00:03.445563+00:00", "vendors": ["ttttupup", "ttttupup$PRODUCT$wxhelper"]}