{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33850", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T05:46:40.231Z", "datePublished": "2026-03-24T05:47:02.673Z", "dateUpdated": "2026-03-24T14:27:26.039Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:47:02.673Z"}, "title": "Out-of-bounds Write in WujekFoliarz DualSenseY-v2", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "type": "CWE"}]}], "affected": [{"vendor": "WujekFoliarz", "product": "DualSenseY-v2", "collectionURL": "https://github.com/WujekFoliarz/DualSenseY-v2", "versions": [{"status": "affected", "version": "0", "lessThan": "54", "versionType": "git"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: before 54.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.<p>This issue affects DualSenseY-v2: before 54.</p>"}]}], "references": [{"url": "https://github.com/WujekFoliarz/DualSenseY-v2/pull/66", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "TITAN Team (titancaproject@gmail.com)", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:27:18.988807Z", "id": "CVE-2026-33850", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:27:26.039Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33850", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T14:27:18.988807Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:27:21.899Z"}}], "cna": {"title": "Out-of-bounds Write in WujekFoliarz DualSenseY-v2", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WujekFoliarz", "product": "DualSenseY-v2", "versions": [{"status": "affected", "version": "0", "lessThan": "54", "versionType": "git"}], "collectionURL": "https://github.com/WujekFoliarz/DualSenseY-v2", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/WujekFoliarz/DualSenseY-v2/pull/66", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: before 54.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.<p>This issue affects DualSenseY-v2: before 54.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:47:02.673Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33850", "state": "PUBLISHED", "dateUpdated": "2026-03-24T14:27:26.039Z", "dateReserved": "2026-03-24T05:46:40.231Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-03-24T05:47:02.673Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: before 54."}, {"lang": "es", "value": "Vulnerabilidad de escritura fuera de l\u00edmites en WujekFoliarz DualSenseY-v2. Este problema afecta a DualSenseY-v2: anterior a 54."}], "id": "CVE-2026-33850", "lastModified": "2026-05-05T20:38:41.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-03-24T06:16:22.223", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/WujekFoliarz/DualSenseY-v2/pull/66"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,54)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "DualSenseY-v2", "source": "cna", "vendor": "WujekFoliarz"}, "product": "dualsensey-v2", "vendor": "wujekfoliarz"}], "analysis": {"en": {"generated_at": "2026-03-24T07:23:55.837848+00:00", "value": {"mitigation_remediation": ["Upgrade DualSenseY\u2011v2 to version 54 or newer."], "summary": {"action": "Apply Patch", "impact": "Memory Corruption"}, "threat_synthesis": {"affected_systems": "The flaw exists in the WujekFoliarz DualSenseY\u2011v2 product for all releases older than 54. No other versions or additional vendors are impacted based on the current data.", "description_and_impact": "This vulnerability is an out-of-bounds write that can corrupt adjacent memory. In the worst case, a malicious actor could use the corrupted memory to alter program flow, execute arbitrary code, or cause a denial of service by crashing the component. The weakness is identified as CWE\u2011787.", "risk_and_exploitability": "The CVSS score is 7.8, indicating a high severity. EPSS data is unavailable, so the likelihood of current exploitation is unclear. The vulnerability is not listed in the CISA KEV catalog. Attack vector details are not explicitly documented in the description; it is inferred that an attacker with access to the vulnerable component\u2014either locally or potentially via a network interface exposing that functionality\u2014could trigger the out\u2011of\u2011bounds write. Given the severity and lack of mitigations, the risk remains significant until a patch is applied."}}}}, "created": "2026-03-24T10:28:55.747793+00:00", "updated": "2026-03-25T20:40:00.234262+00:00", "vendors": ["wujekfoliarz", "wujekfoliarz$PRODUCT$dualsensey-v2"]}