Skip to main content

Pizzy Library EUVDEUVD-2026-36718

| CVE-2026-5233 HIGH
Improper Control of Interaction Frequency (CWE-799)
2026-06-15 TR-CERT GHSA-6554-rh36-hfh2
7.1
CVSS 3.1 · NVD
Share

Severity by source

Vendor (TR-CERT) PRIMARY
HIGH
qualitative
NVD
7.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
vuln.today AI
7.1 HIGH

Flooding requires only a low-privilege authenticated session over the network with no user interaction; impact is high availability loss with minor integrity side effects and no confidentiality exposure.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (TR-CERT).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

2
Patch available
Jun 15, 2026 - 16:01 EUVD
Analysis Generated
Jun 15, 2026 - 14:30 vuln.today

DescriptionNVD

Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding.

This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.

AnalysisAI

Resource flooding in MIA Technology Pizzy Library versions 1.0.0.26250 through 1.3.9.26250 allows authenticated remote attackers to abuse improper interaction frequency controls (CWE-799) to degrade availability and tamper with integrity. With a CVSS 3.1 base score of 7.1 and no public exploit identified at time of analysis, the flaw primarily threatens service availability in deployments that expose the library over the network. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege account
Delivery
Reach network-exposed Pizzy endpoint
Exploit
Issue high-frequency operation flood
Execution
Exhaust resources / bypass throttling
Impact
Degrade service availability

Vulnerability AssessmentAI

Exploitation Attacker must hold valid low-privilege credentials (PR:L) to a service exposing Pizzy Library over the network (AV:N), and that service must reach a Pizzy Library endpoint lacking frequency/throttling controls; no user interaction is required (UI:N) and exploitation complexity is low (AC:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS vector AV:N/AC:L/PR:L/UI:N indicates network-reachable, low-complexity exploitation requiring only low-privilege authentication, with the primary impact on availability (A:H) and partial integrity (I:L) but no confidentiality loss (C:N) - consistent with a flooding/DoS-class flaw rather than data exposure. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained or registered a low-privilege account on a service that embeds Pizzy Library issues a high-volume stream of operations against an endpoint that lacks frequency controls, exhausting CPU or memory and rendering the service unresponsive to other users. Because no public exploit is identified at time of analysis, the most likely real-world abuse is opportunistic disruption by insiders or compromised low-tier accounts rather than mass automated exploitation.
Remediation Upgrade Pizzy Library to version 1.3.9.26250 or later, which is the first fixed release per the affected-range boundary in the advisory at https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0383. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all internal and external deployments of Pizzy Library versions 1.0.0.26250-1.3.9.26250 and map network exposure. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-36718 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy