{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24827", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:59:05.366Z", "datePublished": "2026-01-27T09:12:55.728Z", "dateUpdated": "2026-01-27T15:03:10.130Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Commander-Genius", "vendor": "gerstrong", "versions": [{"lessThan": "Release refs/pull/358/merge", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Out-of-bounds Write vulnerability in gerstrong Commander-Genius.<p>This issue affects Commander-Genius: before Release refs/pull/358/merge.</p>"}], "value": "Out-of-bounds Write vulnerability in gerstrong Commander-Genius.This issue affects Commander-Genius: before Release refs/pull/358/merge."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T09:12:55.728Z"}, "references": [{"url": "https://github.com/gerstrong/Commander-Genius/pull/379"}], "source": {"discovery": "UNKNOWN"}, "title": "Out-of-bounds write in Commander-Genius", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T14:58:21.642465Z", "id": "CVE-2026-24827", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T15:03:10.130Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24827", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T14:58:21.642465Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T14:58:32.689Z"}}], "cna": {"title": "Out-of-bounds write in Commander-Genius", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "gerstrong", "product": "Commander-Genius", "versions": [{"status": "affected", "version": "0", "lessThan": "Release refs/pull/358/merge", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/gerstrong/Commander-Genius/pull/379"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds Write vulnerability in gerstrong Commander-Genius.This issue affects Commander-Genius: before Release refs/pull/358/merge.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds Write vulnerability in gerstrong Commander-Genius.<p>This issue affects Commander-Genius: before Release refs/pull/358/merge.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T09:12:55.728Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24827", "state": "PUBLISHED", "dateUpdated": "2026-01-27T15:03:10.130Z", "dateReserved": "2026-01-27T08:59:05.366Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T09:12:55.728Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds Write vulnerability in gerstrong Commander-Genius.This issue affects Commander-Genius: before Release refs/pull/358/merge."}, {"lang": "es", "value": "Vulnerabilidad de escritura fuera de l\u00edmites en gerstrong Commander-Genius. Este problema afecta a Commander-Genius: antes de Release refs/pull/358/merge."}], "id": "CVE-2026-24827", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T10:15:49.650", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/gerstrong/Commander-Genius/pull/379"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T14:51:10.079384+00:00", "value": {"mitigation_remediation": ["Update Commander\u2011Genius to a version that incorporates the fix from pull/379 or any later release from gerstrong.", "If you build the game from source, recompile the project after fetching the latest code to ensure the patch is included.", "Run the game under a non\u2011privileged user account to limit potential damage if the flaw is exploited."], "summary": {"action": "Patch immediately", "impact": "Arbitrary code execution or program crash through a memory corruption flaw"}, "threat_synthesis": {"affected_systems": "Users running Commander\u2011Genius from gerstrong who have not upgraded beyond the snapshot preceding Release refs/pull/358/merge are affected. The exact version numbers are not listed, but any build compiled before that merge is vulnerable.", "description_and_impact": "The vulnerability is an out-of-bounds write that corrupts memory within the Commander\u2011Genius application. If successfully triggered, an attacker could overwrite adjacent memory, potentially leading to arbitrary code execution or a forced crash, which compromises the integrity of the system running the game.", "risk_and_exploitability": "The CVSS score is 7.5, indicating a high severity, while the EPSS score is below 1%, suggesting a very low exploitation probability at this time. The vulnerability is not listed in the CISA KEV catalog. The most likely attack vector is local, requiring the user to provide input that causes the out-of-bounds write during normal gameplay or data processing. No direct exploitation technique is disclosed, but an attacker with sufficient privileges or control over the game\u2019s input could potentially exploit it to run arbitrary code."}}}}, "created": "2026-01-27T20:17:00.302237+00:00", "updated": "2026-04-18T15:00:03.443288+00:00", "vendors": ["gerstrong", "gerstrong$PRODUCT$commander-genius"]}