{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24829", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:59:05.366Z", "datePublished": "2026-01-27T09:15:31.354Z", "dateUpdated": "2026-01-27T16:56:21.744Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "is-Engine", "vendor": "Is-Daouda", "versions": [{"lessThan": "3.3.4", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.<p>This issue affects is-Engine: before 3.3.4.</p>"}], "value": "Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T09:15:31.354Z"}, "references": [{"url": "https://github.com/Is-Daouda/is-Engine/pull/7"}], "source": {"discovery": "UNKNOWN"}, "title": "Out-of-bounds write in is-Engine", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T16:56:08.484343Z", "id": "CVE-2026-24829", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T16:56:21.744Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24829", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T16:56:08.484343Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T16:56:14.625Z"}}], "cna": {"title": "Out-of-bounds write in is-Engine", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Is-Daouda", "product": "is-Engine", "versions": [{"status": "affected", "version": "0", "lessThan": "3.3.4", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/Is-Daouda/is-Engine/pull/7"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.<p>This issue affects is-Engine: before 3.3.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T09:15:31.354Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24829", "state": "PUBLISHED", "dateUpdated": "2026-01-27T16:56:21.744Z", "dateReserved": "2026-01-27T08:59:05.366Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T09:15:31.354Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4."}, {"lang": "es", "value": "Vulnerabilidad de escritura fuera de l\u00edmites y desbordamiento de b\u00fafer basado en mont\u00edculo en Is-Daouda is-Engine. Este problema afecta a is-Engine: antes de 3.3.4."}], "id": "CVE-2026-24829", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T10:15:49.917", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/Is-Daouda/is-Engine/pull/7"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-787"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T14:51:00.083879+00:00", "value": {"mitigation_remediation": ["Upgrade is\u2011Engine to version 3.3.4 or later, which removes the heap\u2011based buffer overflow.", "If an immediate upgrade is not possible, restrict external access to the is\u2011Engine service to trusted IP ranges or internal users only.", "Enable available memory protection mechanisms\u2014such as stack canaries, address space layout randomization, and bounds checking\u2014to reduce the risk of successful exploitation."], "summary": {"action": "Patch Now", "impact": "Memory corruption"}, "threat_synthesis": {"affected_systems": "All instances of Is\u2011Daouda is\u2011Engine older than version 3.3.4 are affected. The product is listed as is\u2011Engine and the vulnerability applies to every release before 3.3.4. No other affected products or versions are documented in the available data.", "description_and_impact": "Is\u2011Daouda's is\u2011Engine contains an out\u2011of\u2011bounds write that causes a heap\u2011based buffer overflow. The flaw can corrupt memory beyond the intended buffer size, potentially leading to a crash or other unintended behavior. The vulnerability is classified as a memory corruption issue (CWE\u2011122, CWE\u2011787).", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity. The EPSS score of less than 1% suggests a low probability of exploitation, and the vulnerability is not recorded in CISA's KEV catalog. The description infers that the overflow can be triggered by supplied input, so the likely attack vector is remote. However, the specific exposure (network vs local) is not detailed in the advisory, so environments should verify whether is\u2011Engine processes external data. Exploitation would require crafting input that overflows the heap buffer; no authentication or privilege escalation is described, which limits the impact to the privileges of the running process."}}}}, "created": "2026-01-27T20:17:19.649087+00:00", "updated": "2026-04-18T15:00:03.442674+00:00", "vendors": ["is-daouda", "is-daouda$PRODUCT$is-engine"]}