Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: before 54.
AnalysisAI
WujekFoliarz DualSenseY-v2 versions prior to 54 contain an out-of-bounds write vulnerability that allows local attackers with user interaction to achieve arbitrary code execution with full system compromise. The CVSS 7.8 rating reflects the high impact on confidentiality, integrity, and availability through memory corruption exploitation. A patch is available for affected users to mitigate this local privilege escalation risk.
Technical ContextAI
DualSenseY-v2 (cpe:2.3:a:wujekfoliarz:dualsensey-v2) is a Windows application that enables DualSense PlayStation 5 controller functionality on PC. The vulnerability is classified as CWE-787 (Out-of-bounds Write), a memory corruption issue where the application writes data outside the bounds of allocated memory buffers. This type of buffer overflow can occur during parsing of controller input data or configuration files, allowing attackers to overwrite adjacent memory regions and potentially hijack program execution flow to run arbitrary code.
RemediationAI
Upgrade DualSenseY-v2 to version 54 or later to address this vulnerability. The patch is available through GitHub pull request #66 at https://github.com/WujekFoliarz/DualSenseY-v2/pull/66. Users should download the latest release from the official repository and replace their existing installation. As an interim mitigation until patching is completed, users should avoid opening untrusted configuration files or connecting to untrusted systems while running the application, and should only download DualSenseY-v2 files from the official GitHub repository to prevent exploitation through malicious file parsing.
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14752
GHSA-2cjm-f4h6-vv39