{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24831", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:59:05.366Z", "datePublished": "2026-01-27T15:40:51.479Z", "dateUpdated": "2026-01-27T21:35:42.573Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ixray-1.6-stcop", "vendor": "ixray-team", "versions": [{"lessThan": "1.3", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.<p>This issue affects ixray-1.6-stcop: before 1.3.</p>"}], "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T15:40:51.479Z"}, "references": [{"url": "https://github.com/ixray-team/ixray-1.6-stcop/pull/248"}], "source": {"discovery": "UNKNOWN"}, "title": "Infinite loop (DoS) in ixray-1.6-stcop", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T21:07:14.894537Z", "id": "CVE-2026-24831", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T21:35:42.573Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24831", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T21:07:14.894537Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T21:07:17.727Z"}}], "cna": {"title": "Infinite loop (DoS) in ixray-1.6-stcop", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ixray-team", "product": "ixray-1.6-stcop", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/ixray-team/ixray-1.6-stcop/pull/248"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.", "supportingMedia": [{"type": "text/html", "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.<p>This issue affects ixray-1.6-stcop: before 1.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T15:40:51.479Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24831", "state": "PUBLISHED", "dateUpdated": "2026-01-27T21:35:42.573Z", "dateReserved": "2026-01-27T08:59:05.366Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T15:40:51.479Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ixray-team:ix-ray_engine_1.6:*:*:*:*:*:*:*:*", "matchCriteriaId": "33DE6259-5807-46DF-AB3C-8A8271716001", "versionEndExcluding": "1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3."}], "id": "CVE-2026-24831", "lastModified": "2026-02-05T17:02:35.337", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T16:16:35.903", "references": [{"source": "cve_disclosure@tech.gov.sg", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/ixray-team/ixray-1.6-stcop/pull/248"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T02:12:43.623665+00:00", "value": {"mitigation_remediation": ["Upgrade ixray-1.6-stcop to version 1.3 or later, which resolves the loop condition.", "If an upgrade is not immediately possible, restart the ix-ray engine frequently or run it under a process supervisor with resource limits to mitigate the DoS impact.", "Monitor system CPU and memory metrics for abrupt spikes that may indicate the loop is active."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected product is ix-ray engine 1.6, distributed as ixray-1.6-stcop by ixray-Team. Versions before 1.3 are impacted. No other versions have been identified as affected.", "description_and_impact": "The vulnerability involves an infinite loop caused by an unreachable exit condition. An attacker can trigger this loop, exhausting CPU and memory resources, which results in a denial of service. This flaw is categorized as CWE\u2011835, an infinite loop weakness.", "risk_and_exploitability": "The base CVSS score is 7.5, indicating high severity. EPSS is less than 1%, suggesting low current exploitation likelihood, and the vulnerability is not listed in the CISA KEV catalog. The loop is likely triggered by normal execution of the engine, so an attacker could induce a denial of service by supplying heavy input or by simply letting the process run. No explicit remote network vector is disclosed; the issue appears to be local or privilege-based."}}}}, "created": "2026-01-27T20:16:28.562821+00:00", "updated": "2026-04-18T02:15:05.892857+00:00", "vendors": ["ixray-team", "ixray-team$PRODUCT$ixray"]}