CRITICAL🇵🇱 Wersja polska

CVE-2026-24822

CVSS 10.0v4.0pub. 2026-01-27upd. 2026-04-15

Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules). This vulnerability is associated with program files mongoose.C. This issue affects wxhelper: through 3.9.10.19-v1.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-122 (Heap-based Buffer Overflow) and CWE-787 (Out-of-bounds Write) involves the application writing data beyond the allocated heap area in the mongoose.C source file. An attacker can supply specially crafted input data that will overflow the heap buffer, overwriting adjacent memory areas. Due to the network vector (AV:N) and lack of authentication requirements (PR:N) or user interaction (UI:N), the exploit can be conducted remotely.

Impact

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code (RCE) in the context of the process, and may also affect the confidentiality, integrity and availability of both the attacked system and related systems (high impact on SC/SI/SA according to CVSS 4.0).

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references — patch details available in pull request #515 in the wxhelper project GitHub repository (https://github.com/ttttupup/wxhelper/pull/515). Until the update is applied, it is recommended to restrict network access to services exposed by wxhelper.

Who is affected

The wxhelper application (authored by ttttupup) in all versions up to and including 3.9.10.19-v1, src modules, mongoose.C file.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Red
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References