Skip to main content

Modizer CVE-2026-4734

| EUVDEUVD-2026-14709 CRITICAL
Buffer Overflow (CWE-119)
2026-03-24 GovTech CSG GHSA-36m3-3x88-3x7w
9.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.4 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Clear

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Clear
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
N

Lifecycle Timeline

4
EUVD ID Assigned
Mar 24, 2026 - 03:30 euvd
EUVD-2026-14709
Analysis Generated
Mar 24, 2026 - 03:30 vuln.today
Patch released
Mar 24, 2026 - 03:30 nvd
Patch available
CVE Published
Mar 24, 2026 - 03:05 nvd
CRITICAL 9.4

DescriptionCVE.org

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer (libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib modules). This vulnerability is associated with program files imap.C‎.

This issue affects modizer: before v4.3.

AnalysisAI

A buffer overflow vulnerability in Modizer before v4.3 allows remote attackers to execute arbitrary code with high privileges by sending specially crafted input that bypasses memory boundary restrictions in the IMAP module. The network-accessible flaw requires minimal user interaction and affects the integrated libopenmpt curl library. A patch is available and should be applied immediately given the critical severity and confirmed attack vector.

Technical ContextAI

The vulnerability is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow defect. The affected component is located in modizer's bundled or integrated curl library code, specifically within the imap.C file located at libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib. The curl library handles IMAP protocol operations, and the buffer overflow likely occurs during parsing of IMAP protocol responses or command handling where input validation fails to enforce memory boundaries. This type of vulnerability in protocol parsing libraries is particularly dangerous because IMAP operations may be triggered remotely by connecting to IMAP servers, potentially under attacker control.

RemediationAI

Upgrade modizer to version 4.3 or later immediately, as a patch is available from the vendor. The fix is tracked in GitHub pull request 141 (https://github.com/yoyofr/modizer/pull/141) and should be integrated into the main distribution. Until upgrading is possible, restrict modizer instances to trusted network segments only and disable IMAP functionality if not required for operations. Monitor modizer process execution for signs of memory corruption or unexpected crashes, which could indicate exploitation attempts. Ensure that systems running modizer have modern exploit mitigations enabled, including ASLR, DEP/NX, and stack canaries, to raise the barrier for successful code execution even if the buffer overflow is triggered.

Share

CVE-2026-4734 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy