Skip to main content

Echo Mate EUVDEUVD-2026-14770

| CVE-2026-4752 MEDIUM
Use After Free (CWE-416)
2026-03-24 GovTech CSG GHSA-g2m8-xr2q-wqp9
6.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.4 MEDIUM
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 24, 2026 - 06:15 euvd
EUVD-2026-14770
Analysis Generated
Mar 24, 2026 - 06:15 vuln.today
Patch released
Mar 24, 2026 - 06:15 nvd
Patch available
CVE Published
Mar 24, 2026 - 05:40 nvd
MEDIUM 6.4

DescriptionCVE.org

Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329.

AnalysisAI

A Use After Free (UAF) vulnerability exists in No-Chicken Echo-Mate prior to version V250329, allowing an attacker with high privileges to cause memory corruption that may lead to information disclosure, data integrity violations, or denial of service. The vulnerability is classified as CWE-416 and carries a CVSS score of 6.4; a security patch is available from the vendor via GitHub pull request.

Technical ContextAI

The vulnerability is rooted in CWE-416 (Use After Free), a classic memory safety issue where the application references memory that has already been freed or deallocated. In Echo-Mate (identified via CPE cpe:2.3:a:no-chicken:echo-mate:*:*:*:*:*:*:*:*), improper memory lifecycle management allows attackers to access or manipulate freed memory regions. This typically occurs in applications written in memory-unsafe languages (C/C++) or in language runtimes with manual memory management. The consequence is potential corruption of in-flight data structures, leading to cascading failures in confidentiality, integrity, and availability.

RemediationAI

Upgrade No-Chicken Echo-Mate to version V250329 or later. Review and merge the vendor patch available at https://github.com/No-Chicken/Echo-Mate/pull/5 into your deployment. Until patching is completed, restrict high-privilege account access to Echo-Mate to only trusted users and administrators, enforce principle of least privilege for service accounts running Echo-Mate, and monitor process memory and system logs for signs of memory corruption or unexpected crashes. Consider isolating Echo-Mate instances in sandboxed or containerized environments to limit lateral movement if exploitation occurs.

Share

EUVD-2026-14770 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy