{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33848", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T05:46:40.230Z", "datePublished": "2026-03-24T05:51:10.330Z", "dateUpdated": "2026-03-24T14:17:00.767Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:51:10.330Z"}, "title": "Improper Restriction of Operations within the Bounds of a Memory Buffer in linkingvision rapidvms", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "type": "CWE"}]}], "affected": [{"vendor": "linkingvision", "product": "rapidvms", "collectionURL": "https://github.com/linkingvision/rapidvms", "versions": [{"status": "affected", "version": "0", "lessThan": "PR#96", "versionType": "git"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.<p>This issue affects rapidvms: before PR#96.</p>"}]}], "references": [{"url": "https://github.com/linkingvision/rapidvms/pull/96", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "TITAN Team (titancaproject@gmail.com)", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:16:53.420778Z", "id": "CVE-2026-33848", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:17:00.767Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33848", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T14:16:53.420778Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:16:57.974Z"}}], "cna": {"title": "Improper Restriction of Operations within the Bounds of a Memory Buffer in linkingvision rapidvms", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "linkingvision", "product": "rapidvms", "versions": [{"status": "affected", "version": "0", "lessThan": "PR#96", "versionType": "git"}], "collectionURL": "https://github.com/linkingvision/rapidvms", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/linkingvision/rapidvms/pull/96", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96.", "supportingMedia": [{"type": "text/html", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.<p>This issue affects rapidvms: before PR#96.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:51:10.330Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33848", "state": "PUBLISHED", "dateUpdated": "2026-03-24T14:17:00.767Z", "dateReserved": "2026-03-24T05:46:40.230Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-03-24T05:51:10.330Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linkingvision:rapidvms:-:*:*:*:*:*:*:*", "matchCriteriaId": "66ED8209-0138-4730-B63D-839D8B5DAB01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96."}, {"lang": "es", "value": "Restricci\u00f3n indebida de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria vulnerabilidad en linkingvision rapidvms. Este problema afecta a rapidvms: antes de PR#96."}], "id": "CVE-2026-33848", "lastModified": "2026-04-20T20:20:12.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-03-24T06:16:21.927", "references": [{"source": "cve_disclosure@tech.gov.sg", "tags": ["Issue Tracking"], "url": "https://github.com/linkingvision/rapidvms/pull/96"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,PR#96)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "rapidvms", "source": "cna", "vendor": "linkingvision"}, "product": "rapidvms", "vendor": "linkingvision"}], "analysis": {"en": {"generated_at": "2026-03-24T07:51:37.068806+00:00", "value": {"mitigation_remediation": ["Apply the patch contained in pull request #96 to Rapidvms.", "Restart any services that depend on Rapidvms after applying the patch.", "Verify that the patched version is running by checking the application version, and review logs for abnormal activity."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The flaw affects Linkingvision Rapidvms for any version released before the fix in pull request #96. Specific version numbers are not listed, so any pre-PR-96 build is considered vulnerable. The affected product is linkingvision:rapidvms.", "description_and_impact": "The vulnerability is a buffer overflow caused by improper restriction of operations within the bounds of a memory buffer. Classified as CWE-119, this flaw allows an attacker to overwrite adjacent memory, potentially leading to arbitrary code execution or a denial of service. The CVSS score of 8.8 reflects the high potential impact of this weakness.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity, and the epidemic spread likelihood is not available, as the EPSS score is not provided. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, because a buffer overflow can be triggered by an attacker sending crafted data over an exposed interface; based on the description, it is inferred that untrusted input could trigger the overflow. Consequently, systems exposing Rapidvms to untrusted traffic are at significant risk unless mitigated."}}}}, "created": "2026-03-24T10:28:54.013476+00:00", "updated": "2026-03-25T20:39:58.441493+00:00", "vendors": ["linkingvision", "linkingvision$PRODUCT$rapidvms"]}