What is the CVSS score of CVE-2026-36355?

CVE-2026-36355 has a CVSS 3.1 base score of 7.7 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Realtek rtl819x Jungle SDK are affected by CVE-2026-36355?

Realtek rtl819x Wi-Fi driver versions through 3.4.14B contain an arbitrary kernel memory read/write vulnerability exploitable by local attackers without special privileges, enabling privilege…

Is there a public PoC exploit available for CVE-2026-36355?

Yes, a public proof-of-concept exploit is available for CVE-2026-36355. Prioritise patching immediately. EPSS: 0.0%.

Realtek rtl819x Jungle SDK CVE-2026-36355

EUVD-2026-27325 HIGH

Information Exposure (CWE-200)

2026-05-05 mitre

Information Disclosure

7.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

May 05, 2026 - 18:22 vuln.today

CVSS changed

May 05, 2026 - 18:22 NVD

7.7 (HIGH)

DescriptionNVD

The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioctl 0x89F6) debug handlers, which are compiled into production builds via the unconditionally defined _IOCTL_DEBUG_CMD_ macro in 8192cd_cfg.h

AnalysisAI

Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to access and modify kernel memory through debug ioctl handlers (0x89F5/0x89F6) that were left enabled in production builds. All known SDK versions through v3.4.14B are affected. …

RemediationAI

Within 24 hours: Identify and inventory all devices running Realtek rtl819x Jungle SDK driver (rtl8192cd) by conducting network scans and device audits; document versions through 3.4.14B as critical. Within 7 days: Isolate affected devices to network segments with restricted access and disable local user access where operationally feasible; contact Realtek for patch timeline and ETA. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-36355 vulnerability details – vuln.today

Back

Realtek rtl819x Jungle SDK CVE-2026-36355

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code