{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24828", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:59:05.366Z", "datePublished": "2026-01-27T09:14:16.784Z", "dateUpdated": "2026-01-27T16:57:01.241Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "is-Engine", "vendor": "Is-Daouda", "versions": [{"lessThan": "3.3.4", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine.<p>This issue affects is-Engine: before 3.3.4.</p>"}], "value": "Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T09:14:16.784Z"}, "references": [{"url": "https://github.com/Is-Daouda/is-Engine/pull/6"}], "source": {"discovery": "UNKNOWN"}, "title": "Memory leak in is-Engine", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T16:56:52.041245Z", "id": "CVE-2026-24828", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T16:57:01.241Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24828", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T16:56:52.041245Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T16:56:57.561Z"}}], "cna": {"title": "Memory leak in is-Engine", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Is-Daouda", "product": "is-Engine", "versions": [{"status": "affected", "version": "0", "lessThan": "3.3.4", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/Is-Daouda/is-Engine/pull/6"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4.", "supportingMedia": [{"type": "text/html", "value": "Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine.<p>This issue affects is-Engine: before 3.3.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T09:14:16.784Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24828", "state": "PUBLISHED", "dateUpdated": "2026-01-27T16:57:01.241Z", "dateReserved": "2026-01-27T08:59:05.366Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T09:14:16.784Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4."}, {"lang": "es", "value": "Vulnerabilidad de falta de liberaci\u00f3n de memoria despu\u00e9s de la vida \u00fatil efectiva en Is-Daouda is-Engine. Este problema afecta a is-Engine: antes de 3.3.4."}], "id": "CVE-2026-24828", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T10:15:49.780", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/Is-Daouda/is-Engine/pull/6"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T02:16:33.332688+00:00", "value": {"mitigation_remediation": ["Upgrade Is\u2011Daouda is\u2011Engine to version 3.3.4 or later. ", "If an upgrade cannot be performed immediately, restart the application periodically to release memory and mitigate resource exhaustion. ", "Configure operating system resource limits (e.g., ulimit or cgroups) to prevent the process from consuming excessive memory."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Is\u2011Daouda is\u2011Engine versions prior to 3.3.4 are affected. No other vendors or product versions are listed.", "description_and_impact": "The vulnerability is a missing Release of Memory after the Effective Lifetime in the Is-Daouda is-Engine library, which causes a memory leak. The continuous accumulation of unreleased memory can exhaust system resources, leading to degraded performance or crashes. The weakness is defined as CWE\u2011401, a classic memory leak, affecting confidentiality or integrity only if the leaked memory contains sensitive data, but the primary impact is availability.", "risk_and_exploitability": "The CVSS score of 7.5 indicates high severity. The EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local or through exposed application interfaces; the description does not specify network exposure, so this is inferred. An attacker could potentially trigger resource exhaustion by inducing the application to allocate large or frequent memory blocks, leading to service disruption."}}}}, "created": "2026-01-27T20:17:14.663663+00:00", "updated": "2026-04-18T02:30:15.857823+00:00", "vendors": ["is-daouda", "is-daouda$PRODUCT$is-engine"]}