{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4752", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T05:38:57.073Z", "datePublished": "2026-03-24T05:40:01.007Z", "dateUpdated": "2026-03-24T14:28:22.730Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:40:01.007Z"}, "title": "Use After Free in No-Chicken Echo-Mate", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-416", "description": "CWE-416 Use After Free", "type": "CWE"}]}], "affected": [{"vendor": "No-Chicken", "product": "Echo-Mate", "collectionURL": "https://github.com/No-Chicken/Echo-Mate", "versions": [{"status": "affected", "version": "0", "lessThan": "V250329", "versionType": "git"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Use After Free vulnerability in No-Chicken Echo-Mate.<p>This issue affects Echo-Mate: before V250329.</p>"}]}], "references": [{"url": "https://github.com/No-Chicken/Echo-Mate/pull/5", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "TITAN Team (titancaproject@gmail.com)", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:28:15.802940Z", "id": "CVE-2026-4752", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:28:22.730Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4752", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T14:28:15.802940Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:28:19.272Z"}}], "cna": {"title": "Use After Free in No-Chicken Echo-Mate", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "No-Chicken", "product": "Echo-Mate", "versions": [{"status": "affected", "version": "0", "lessThan": "V250329", "versionType": "git"}], "collectionURL": "https://github.com/No-Chicken/Echo-Mate", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/No-Chicken/Echo-Mate/pull/5", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329.", "supportingMedia": [{"type": "text/html", "value": "Use After Free vulnerability in No-Chicken Echo-Mate.<p>This issue affects Echo-Mate: before V250329.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:40:01.007Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4752", "state": "PUBLISHED", "dateUpdated": "2026-03-24T14:28:22.730Z", "dateReserved": "2026-03-24T05:38:57.073Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-03-24T05:40:01.007Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329."}, {"lang": "es", "value": "Vulnerabilidad de Use After Free en No-Chicken Echo-Mate. Este problema afecta a Echo-Mate: antes de V250329."}], "id": "CVE-2026-4752", "lastModified": "2026-05-05T20:38:41.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-03-24T06:16:23.553", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/No-Chicken/Echo-Mate/pull/5"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V250329)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Echo-Mate", "source": "cna", "vendor": "No-Chicken"}, "product": "echo-mate", "vendor": "no-chicken"}], "analysis": {"en": {"generated_at": "2026-03-24T07:51:55.384832+00:00", "value": {"mitigation_remediation": ["Upgrade Echo-Mate to version V250329 or newer", "If an upgrade is not immediately possible, isolate the application from untrusted inputs or disable the feature that triggers the free operation", "Verify that the upgrade mitigates the vulnerability and monitor for anomalous behavior"], "summary": {"action": "Patch Now", "impact": "Possible arbitrary code execution"}, "threat_synthesis": {"affected_systems": "All releases of No-Chicken Echo-Mate prior to version V250329 are affected. Users running any of these earlier builds should consider them compromised until updated to the patched version.", "description_and_impact": "The vulnerability is a Use After Free in No-Chicken Echo-Mate. It allows an attacker to access or overwrite memory that has already been freed, potentially corrupting the program state. This memory corruption can enable arbitrary code execution or trigger a denial of service. While the description references the risk of arbitrary code execution, its impact on confidentiality, integrity, or availability is inferred rather than explicitly stated in the advisory.", "risk_and_exploitability": "The CVSS score of 6.4 indicates moderate severity. No EPSS data is provided, and the vulnerability is not listed in the KEV catalog, suggesting no known widespread exploitation. The attack vector is not specified in the CVE, but a Use After Free typically requires the attacker to interact with the application\u2014either locally or remotely\u2014depending on how Echo-Mate is deployed. It is inferred that the attacker would need to supply crafted input that triggers the free operation and then subsequently references the freed memory. No documented exploitation has been found."}}}}, "created": "2026-03-24T10:28:57.497199+00:00", "updated": "2026-03-25T20:40:02.103672+00:00", "vendors": ["no-chicken", "no-chicken$PRODUCT$echo-mate"]}