{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24832", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:59:05.367Z", "datePublished": "2026-01-27T15:43:52.586Z", "dateUpdated": "2026-01-27T21:35:28.495Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ixray-1.6-stcop", "vendor": "ixray-team", "versions": [{"lessThan": "1.3", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.<p>This issue affects ixray-1.6-stcop: before 1.3.</p>"}], "value": "Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T15:43:52.586Z"}, "references": [{"url": "https://github.com/ixray-team/ixray-1.6-stcop/pull/257"}], "source": {"discovery": "UNKNOWN"}, "title": "Out-of-bounds write in ixray-1.6-stcop", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T21:07:04.332314Z", "id": "CVE-2026-24832", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T21:35:28.495Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24832", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-27T21:07:04.332314Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T21:07:07.108Z"}}], "cna": {"title": "Out-of-bounds write in ixray-1.6-stcop", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ixray-team", "product": "ixray-1.6-stcop", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/ixray-team/ixray-1.6-stcop/pull/257"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.<p>This issue affects ixray-1.6-stcop: before 1.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T15:43:52.586Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24832", "state": "PUBLISHED", "dateUpdated": "2026-01-27T21:35:28.495Z", "dateReserved": "2026-01-27T08:59:05.367Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T15:43:52.586Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ixray-team:ix-ray_engine_1.6:*:*:*:*:*:*:*:*", "matchCriteriaId": "33DE6259-5807-46DF-AB3C-8A8271716001", "versionEndExcluding": "1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3."}], "id": "CVE-2026-24832", "lastModified": "2026-02-05T17:02:11.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T16:16:36.033", "references": [{"source": "cve_disclosure@tech.gov.sg", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/ixray-team/ixray-1.6-stcop/pull/257"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T02:12:11.116171+00:00", "value": {"mitigation_remediation": ["Upgrade ix\u2011ray_engine 1.6 to version 1.3 or later, which incorporates the fix showcased in pull request\u202f257.", "If an upgrade cannot be performed immediately, limit the component to trusted input only and disable any external interfaces that could receive untrusted data.", "Apply any additional security controls for related components and keep abreast of the vendor\u2019s update channel for further patches."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability impacts ixray\u2011team\u2019s ix\u2011ray_engine 1.6 (ixray\u20111.6\u2011stcop). All releases before version 1.3 are affected; the 1.3 release contains the remediation.", "description_and_impact": "An out\u2010of\u2011bounds write in the ix\u2011ray_engine 1.6 component allows arbitrary memory corruption and can enable an attacker to execute code or crash the system, therefore compromising confidentiality, integrity and availability.", "risk_and_exploitability": "The CVSS score of 9.8 denotes a severe risk. The EPSS rating is below 1\u202f%, indicating a low probability of exploitation in the wild. It is not listed in the CISA KEV catalog. Detailed attack vectors are not provided in the source data, but the nature of the flaw suggests a remote attacker could trigger the out\u2011of\u2011bounds write by sending crafted input to the affected module, though no public exploit has been reported."}}}}, "created": "2026-01-28T12:22:32.841019+00:00", "updated": "2026-04-18T02:15:05.892258+00:00", "vendors": ["ixray-team", "ixray-team$PRODUCT$ixray"]}