Skip to main content

Rapidvms CVE-2026-33847

| EUVDEUVD-2026-14746 HIGH
Buffer Overflow (CWE-119)
2026-03-24 GovTech CSG GHSA-wjvp-54g5-w8p5
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Re-analysis Queued
Apr 20, 2026 - 20:22 vuln.today
cvss_changed
EUVD ID Assigned
Mar 24, 2026 - 06:15 euvd
EUVD-2026-14746
Analysis Generated
Mar 24, 2026 - 06:15 vuln.today
Patch released
Mar 24, 2026 - 06:15 nvd
Patch available
CVE Published
Mar 24, 2026 - 05:55 nvd
HIGH 7.8

DescriptionCVE.org

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96.

AnalysisAI

This is a memory buffer boundary restriction vulnerability (buffer overflow) in LinkingVision RapidVMS that allows an attacker with local access to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects all versions of RapidVMS prior to PR#96 and has been patched by the vendor via GitHub pull request #98. While the CVSS score is 7.8 (high severity), the local attack vector and required user interaction reduce the immediate remote exploitation risk, and there is no evidence of active exploitation or public proof-of-concept at this time.

Technical ContextAI

RapidVMS is a video management system developed by LinkingVision for surveillance and monitoring applications. The vulnerability is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), which encompasses classic buffer overflow conditions where operations can write or read data outside the intended memory boundaries. The affected product is identified via CPE as cpe:2.3:a:linkingvision:rapidvms:*:*:*:*:*:*:*:*, confirming all versions prior to the patch are vulnerable. This class of vulnerability typically occurs in native code (C/C++) when bounds checking is insufficient during memory operations, potentially allowing memory corruption that can be leveraged for code execution.

RemediationAI

Upgrade LinkingVision RapidVMS to version PR#96 or later by applying the patch available from the vendor's GitHub repository at https://github.com/linkingvision/rapidvms/pull/98. Organizations should prioritize systems that are accessible to untrusted local users or that process untrusted file inputs. Until patching is completed, implement compensating controls such as restricting local access to RapidVMS systems to trusted administrators only, applying principle of least privilege, and avoiding opening untrusted files or data sources within the RapidVMS application. Monitor system logs for suspicious activity or unexpected application behavior that might indicate exploitation attempts.

Share

CVE-2026-33847 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy