{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33847", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T05:46:40.229Z", "datePublished": "2026-03-24T05:55:14.556Z", "dateUpdated": "2026-03-24T14:15:58.916Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:55:14.556Z"}, "title": "Improper Restriction of Operations within the Bounds of a Memory Buffer in linkingvision rapidvms", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "type": "CWE"}]}], "affected": [{"vendor": "linkingvision", "product": "rapidvms", "collectionURL": "https://github.com/linkingvision/rapidvms", "versions": [{"status": "affected", "version": "0", "lessThan": "PR#96", "versionType": "git"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.<p>This issue affects rapidvms: before PR#96.</p>"}]}], "references": [{"url": "https://github.com/linkingvision/rapidvms/pull/98", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "TITAN Team (titancaproject@gmail.com)", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:15:47.907139Z", "id": "CVE-2026-33847", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:15:58.916Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33847", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T14:15:47.907139Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:15:55.691Z"}}], "cna": {"title": "Improper Restriction of Operations within the Bounds of a Memory Buffer in linkingvision rapidvms", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "linkingvision", "product": "rapidvms", "versions": [{"status": "affected", "version": "0", "lessThan": "PR#96", "versionType": "git"}], "collectionURL": "https://github.com/linkingvision/rapidvms", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/linkingvision/rapidvms/pull/98", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96.", "supportingMedia": [{"type": "text/html", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.<p>This issue affects rapidvms: before PR#96.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:55:14.556Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33847", "state": "PUBLISHED", "dateUpdated": "2026-03-24T14:15:58.916Z", "dateReserved": "2026-03-24T05:46:40.229Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-03-24T05:55:14.556Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linkingvision:rapidvms:-:*:*:*:*:*:*:*", "matchCriteriaId": "66ED8209-0138-4730-B63D-839D8B5DAB01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96."}, {"lang": "es", "value": "Restricci\u00f3n Inapropiada de Operaciones dentro de los L\u00edmites de un B\u00fafer de Memoria vulnerabilidad en linkingvision rapidvms. Este problema afecta a rapidvms: antes de PR#96."}], "id": "CVE-2026-33847", "lastModified": "2026-04-20T20:19:54.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-03-24T06:16:21.670", "references": [{"source": "cve_disclosure@tech.gov.sg", "tags": ["Issue Tracking"], "url": "https://github.com/linkingvision/rapidvms/pull/98"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,PR#96)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "rapidvms", "source": "cna", "vendor": "linkingvision"}, "product": "rapidvms", "vendor": "linkingvision"}], "analysis": {"en": {"generated_at": "2026-03-24T09:21:33.977399+00:00", "value": {"mitigation_remediation": ["Apply a RapidVMS update that includes the changes from pull request\u202f#96 or later."], "summary": {"action": "Patch", "impact": "Buffer overflow"}, "threat_synthesis": {"affected_systems": "RapidVMS installations that were in use before the code changes introduced in pull request\u202f#96 are considered vulnerable. No specific version numbers are provided, so any release prior to that pull request should be treated as affected.", "description_and_impact": "An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability\u2014CWE-119\u2014exists in linkingvision rapidvms. The vulnerability allows data to be written beyond the intended memory buffer, but the official description does not elaborate on the exact operational consequences.", "risk_and_exploitability": "The CVSS base score of 7.8 classifies this defect as high severity. Exploit probability information is not available and the issue has not been listed in the Known Exploited Vulnerabilities catalog, so the risk of exploitation remains uncertain. The description does not specify the attack vector, therefore the accessibility and conditions required for exploitation cannot be determined from the available data."}}}}, "created": "2026-03-24T10:28:52.169643+00:00", "updated": "2026-03-25T20:39:56.685719+00:00", "vendors": ["linkingvision", "linkingvision$PRODUCT$rapidvms"]}