{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24830", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:59:05.366Z", "datePublished": "2026-01-27T09:28:07.853Z", "dateUpdated": "2026-01-27T14:31:35.731Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "IronOS", "vendor": "Ralim", "versions": [{"lessThan": "v2.23-rc2", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Integer Overflow or Wraparound vulnerability in Ralim IronOS.<p>This issue affects IronOS: before v2.23-rc2.</p>"}], "value": "Integer Overflow or Wraparound vulnerability in Ralim IronOS.This issue affects IronOS: before v2.23-rc2."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T09:28:07.853Z"}, "references": [{"url": "https://github.com/Ralim/IronOS/pull/2083"}], "source": {"discovery": "UNKNOWN"}, "title": "Integer Overflow or Wraparound in IronOS", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T14:30:01.355886Z", "id": "CVE-2026-24830", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T14:31:35.731Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24830", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-27T14:30:01.355886Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T14:30:22.559Z"}}], "cna": {"title": "Integer Overflow or Wraparound in IronOS", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ralim", "product": "IronOS", "versions": [{"status": "affected", "version": "0", "lessThan": "v2.23-rc2", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/Ralim/IronOS/pull/2083"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Integer Overflow or Wraparound vulnerability in Ralim IronOS.This issue affects IronOS: before v2.23-rc2.", "supportingMedia": [{"type": "text/html", "value": "Integer Overflow or Wraparound vulnerability in Ralim IronOS.<p>This issue affects IronOS: before v2.23-rc2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T09:28:07.853Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24830", "state": "PUBLISHED", "dateUpdated": "2026-01-27T14:31:35.731Z", "dateReserved": "2026-01-27T08:59:05.366Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T09:28:07.853Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Integer Overflow or Wraparound vulnerability in Ralim IronOS.This issue affects IronOS: before v2.23-rc2."}, {"lang": "es", "value": "Vulnerabilidad de desbordamiento de entero o desbordamiento circular en Ralim IronOS. Este problema afecta a IronOS: anterior a la v2.23-rc2."}], "id": "CVE-2026-24830", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T10:15:50.053", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/Ralim/IronOS/pull/2083"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T02:14:12.478068+00:00", "value": {"mitigation_remediation": ["Upgrade IronOS to version v2.23-rc2 or later to eliminate the integer overflow flaw.", "If an upgrade cannot be performed immediately, isolate the device from untrusted networks and restrict access to the interfaces that process unvalidated input.", "Deploy firewall rules or network segmentation to block or quarantine traffic that could exploit the vulnerable code paths until a patch is applied."], "summary": {"action": "Apply Patch", "impact": "Potential memory corruption leading to arbitrary code execution"}, "threat_synthesis": {"affected_systems": "Affected product is Ralim IronOS firmware version 2.22 and earlier, prior to the release of v2.23-rc2. Systems running these older firmware builds are exposed.", "description_and_impact": "Integer Overflow or Wraparound vulnerability allows a malicious actor to cause arithmetic overflow in critical code paths within IronOS. The error can corrupt memory or control data, which could lead to arbitrary code execution, privilege escalation or denial of service.", "risk_and_exploitability": "The CVSS score of 9.8 classifies this vulnerability as critical. An EPSS score of less than 1% indicates low but non\u2011zero exploitation likelihood, and the issue is not listed in the CISA KEV catalog. The description does not specify an attack vector; based on the nature of integer overflows in networking stacks, it is inferred that exploitation could occur via malformed packets or inputs that trigger wraparound, possibly from remote sources if the vulnerable interfaces are reachable."}}}}, "created": "2026-01-27T20:17:01.050619+00:00", "updated": "2026-04-18T02:15:05.893424+00:00", "vendors": ["ralim", "ralim$PRODUCT$ironos"]}