Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96.
AnalysisAI
RapidVMS before patch PR#96 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code without authentication or user interaction. The high CVSS score (8.8) reflects the critical nature of this network-accessible flaw affecting confidentiality, integrity, and availability of affected systems. A patch is available and should be prioritized immediately given the severe exploitation potential.
Technical ContextAI
This vulnerability affects linkingvision rapidvms (CPE: cpe:2.3:a:linkingvision:rapidvms), a video management system platform. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), which encompasses various buffer overflow conditions where data writes or reads exceed allocated memory boundaries. This class of vulnerability typically occurs when input validation is insufficient, allowing an attacker to write beyond buffer limits and potentially overwrite adjacent memory structures, function pointers, or return addresses. In the context of a video management system, this could occur in media processing routines, network protocol handlers, or configuration parsing functions that handle user-supplied data without proper bounds checking.
RemediationAI
Update linkingvision rapidvms to a version incorporating Pull Request #96 or later by applying the patch available at https://github.com/linkingvision/rapidvms/pull/96. Organizations should review the pull request changes to understand the specific code modifications addressing the buffer overflow condition and apply them to their deployments. Until patching is completed, implement defense-in-depth measures including restricting network access to the rapidvms system to trusted IP ranges only, deploying intrusion detection systems to monitor for exploit attempts, and educating users not to interact with untrusted content within the VMS interface. Given the user interaction requirement, security awareness training can reduce the attack surface while patches are being deployed.
RapidVMS before PR#96 contains a buffer overflow vulnerability that allows unauthenticated remote attackers to achieve c
This is a memory buffer boundary restriction vulnerability (buffer overflow) in LinkingVision RapidVMS that allows an at
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14748
GHSA-5j5q-mqh9-w768