{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4753", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T05:40:49.837Z", "datePublished": "2026-03-24T05:41:10.541Z", "dateUpdated": "2026-03-24T14:27:54.384Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:42:32.661Z"}, "title": "Out-of-bounds Read in slajerek RetroDebugger", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "type": "CWE"}]}], "affected": [{"vendor": "slajerek", "product": "RetroDebugger", "collectionURL": "https://github.com/slajerek/RetroDebugger", "versions": [{"status": "affected", "version": "0", "lessThan": "v0.64.72", "versionType": "git"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Out-of-bounds Read vulnerability in slajerek RetroDebugger.<p>This issue affects RetroDebugger: before v0.64.72.</p>"}]}], "references": [{"url": "https://github.com/slajerek/RetroDebugger/pull/97", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}}], "credits": [{"lang": "en", "value": "TITAN Team (titancaproject@gmail.com)", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:27:47.232046Z", "id": "CVE-2026-4753", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:27:54.384Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4753", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T14:27:47.232046Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:27:51.204Z"}}], "cna": {"title": "Out-of-bounds Read in slajerek RetroDebugger", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "slajerek", "product": "RetroDebugger", "versions": [{"status": "affected", "version": "0", "lessThan": "v0.64.72", "versionType": "git"}], "collectionURL": "https://github.com/slajerek/RetroDebugger", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/slajerek/RetroDebugger/pull/97", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds Read vulnerability in slajerek RetroDebugger.<p>This issue affects RetroDebugger: before v0.64.72.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:42:32.661Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4753", "state": "PUBLISHED", "dateUpdated": "2026-03-24T14:27:54.384Z", "dateReserved": "2026-03-24T05:40:49.837Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-03-24T05:41:10.541Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72."}, {"lang": "es", "value": "Vulnerabilidad de lectura fuera de l\u00edmites en slajerek RetroDebugger. Este problema afecta a RetroDebugger: antes de la v0.64.72."}], "id": "CVE-2026-4753", "lastModified": "2026-05-05T20:38:41.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-03-24T06:16:23.700", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/slajerek/RetroDebugger/pull/97"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,v0.64.72)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "RetroDebugger", "source": "cna", "vendor": "slajerek"}, "product": "retrodebugger", "vendor": "slajerek"}], "analysis": {"en": {"generated_at": "2026-03-24T07:24:03.843122+00:00", "value": {"mitigation_remediation": ["Upgrade RetroDebugger to version 0.64.72 or later to remove the out\u2011of\u2011bounds read issue."], "summary": {"action": "Patch Now", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The flaw affects all releases of RetroDebugger before version 0.64.72. Users running any earlier version of the tool, regardless of the operating system, are at risk if the debugger is accessed by an adversary capable of crafting malicious inspection requests.", "description_and_impact": "RetroDebugger implements a debugger that handles user\u2011supplied input for memory inspection. An out\u2011of\u2011bounds read allows the debugger to read memory locations outside the intended buffer, potentially exposing internal data or configuration information to the caller. This vulnerability belongs to CWE-125, which describes an access beyond the bounds of allocated memory and can lead to unintended disclosure of confidential information.", "risk_and_exploitability": "The CVSS score of 9.1 indicates a high severity rating, reflecting the potential for significant data exposure. No EPSS score is available, and the vulnerability is not yet listed in the CISA KEV catalog. Because the attack requires interacting with the debugger interface, the most likely vectors are local or remote access to the machine where the debugger is running, but the description does not explicitly state the required privilege level. The risk assessment therefore relies on the high severity score and the nature of the flaw rather than on documented exploitation evidence."}}}}, "created": "2026-03-24T10:28:56.639774+00:00", "updated": "2026-03-25T20:40:01.117804+00:00", "vendors": ["slajerek", "slajerek$PRODUCT$retrodebugger"]}