Skip to main content

Rapidvms CVE-2026-33848

| EUVDEUVD-2026-14748 HIGH
Buffer Overflow (CWE-119)
2026-03-24 GovTech CSG GHSA-5j5q-mqh9-w768
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Re-analysis Queued
Apr 20, 2026 - 20:22 vuln.today
cvss_changed
EUVD ID Assigned
Mar 24, 2026 - 06:15 euvd
EUVD-2026-14748
Analysis Generated
Mar 24, 2026 - 06:15 vuln.today
Patch released
Mar 24, 2026 - 06:15 nvd
Patch available
CVE Published
Mar 24, 2026 - 05:51 nvd
HIGH 8.8

DescriptionCVE.org

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96.

AnalysisAI

RapidVMS before patch PR#96 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code without authentication or user interaction. The high CVSS score (8.8) reflects the critical nature of this network-accessible flaw affecting confidentiality, integrity, and availability of affected systems. A patch is available and should be prioritized immediately given the severe exploitation potential.

Technical ContextAI

This vulnerability affects linkingvision rapidvms (CPE: cpe:2.3:a:linkingvision:rapidvms), a video management system platform. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), which encompasses various buffer overflow conditions where data writes or reads exceed allocated memory boundaries. This class of vulnerability typically occurs when input validation is insufficient, allowing an attacker to write beyond buffer limits and potentially overwrite adjacent memory structures, function pointers, or return addresses. In the context of a video management system, this could occur in media processing routines, network protocol handlers, or configuration parsing functions that handle user-supplied data without proper bounds checking.

RemediationAI

Update linkingvision rapidvms to a version incorporating Pull Request #96 or later by applying the patch available at https://github.com/linkingvision/rapidvms/pull/96. Organizations should review the pull request changes to understand the specific code modifications addressing the buffer overflow condition and apply them to their deployments. Until patching is completed, implement defense-in-depth measures including restricting network access to the rapidvms system to trusted IP ranges only, deploying intrusion detection systems to monitor for exploit attempts, and educating users not to interact with untrusted content within the VMS interface. Given the user interaction requirement, security awareness training can reduce the attack surface while patches are being deployed.

Share

CVE-2026-33848 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy