Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Flooding requires only a low-privilege authenticated session over the network with no user interaction; impact is high availability loss with minor integrity side effects and no confidentiality exposure.
Primary rating from Vendor (TR-CERT).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Lifecycle Timeline
2DescriptionNVD
Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding.
This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.
AnalysisAI
Resource flooding in MIA Technology Pizzy Library versions 1.0.0.26250 through 1.3.9.26250 allows authenticated remote attackers to abuse improper interaction frequency controls (CWE-799) to degrade availability and tamper with integrity. With a CVSS 3.1 base score of 7.1 and no public exploit identified at time of analysis, the flaw primarily threatens service availability in deployments that expose the library over the network. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must hold valid low-privilege credentials (PR:L) to a service exposing Pizzy Library over the network (AV:N), and that service must reach a Pizzy Library endpoint lacking frequency/throttling controls; no user interaction is required (UI:N) and exploitation complexity is low (AC:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS vector AV:N/AC:L/PR:L/UI:N indicates network-reachable, low-complexity exploitation requiring only low-privilege authentication, with the primary impact on availability (A:H) and partial integrity (I:L) but no confidentiality loss (C:N) - consistent with a flooding/DoS-class flaw rather than data exposure. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained or registered a low-privilege account on a service that embeds Pizzy Library issues a high-volume stream of operations against an endpoint that lacks frequency controls, exhausting CPU or memory and rendering the service unresponsive to other users. Because no public exploit is identified at time of analysis, the most likely real-world abuse is opportunistic disruption by insiders or compromised low-tier accounts rather than mass automated exploitation. |
| Remediation | Upgrade Pizzy Library to version 1.3.9.26250 or later, which is the first fixed release per the affected-range boundary in the advisory at https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0383. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all internal and external deployments of Pizzy Library versions 1.0.0.26250-1.3.9.26250 and map network exposure. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Pizzy Library
View allCSV formula injection in MIA Technology's Pizzy Library (versions 1.0.0.26250 through 1.3.9.26250) allows authenticated
Improper access control in MIA Technology Inc. Pizzy Library versions 1.0.0.26250 through 1.3.9.26250 allows authenticat
Same weakness CWE-799 – Improper Control of Interaction Frequency
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36718
GHSA-6554-rh36-hfh2