Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96.
AnalysisAI
This is a memory buffer boundary restriction vulnerability (buffer overflow) in LinkingVision RapidVMS that allows an attacker with local access to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability affects all versions of RapidVMS prior to PR#96 and has been patched by the vendor via GitHub pull request #98. While the CVSS score is 7.8 (high severity), the local attack vector and required user interaction reduce the immediate remote exploitation risk, and there is no evidence of active exploitation or public proof-of-concept at this time.
Technical ContextAI
RapidVMS is a video management system developed by LinkingVision for surveillance and monitoring applications. The vulnerability is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), which encompasses classic buffer overflow conditions where operations can write or read data outside the intended memory boundaries. The affected product is identified via CPE as cpe:2.3:a:linkingvision:rapidvms:*:*:*:*:*:*:*:*, confirming all versions prior to the patch are vulnerable. This class of vulnerability typically occurs in native code (C/C++) when bounds checking is insufficient during memory operations, potentially allowing memory corruption that can be leveraged for code execution.
RemediationAI
Upgrade LinkingVision RapidVMS to version PR#96 or later by applying the patch available from the vendor's GitHub repository at https://github.com/linkingvision/rapidvms/pull/98. Organizations should prioritize systems that are accessible to untrusted local users or that process untrusted file inputs. Until patching is completed, implement compensating controls such as restricting local access to RapidVMS systems to trusted administrators only, applying principle of least privilege, and avoiding opening untrusted files or data sources within the RapidVMS application. Monitor system logs for suspicious activity or unexpected application behavior that might indicate exploitation attempts.
RapidVMS before PR#96 contains a buffer overflow vulnerability that allows unauthenticated remote attackers to achieve c
RapidVMS before patch PR#96 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary c
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14746
GHSA-wjvp-54g5-w8p5