CVE-2026-0793
Published: 23 January 2026
Summary
CVE-2026-0793 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Algosolutions 8180 IP Audio Alerter Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 28.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly addresses the lack of validation of user-supplied data length before copying to heap buffers, preventing the buffer overflow exploited in this CVE.
- Requires timely identification, reporting, and correction of flaws like this heap-based buffer overflow, eliminating the vulnerability through patching or updates.
- Implements memory safeguards such as non-executable heap memory and address space randomization to block arbitrary code execution from heap buffer overflows.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables unauthenticated remote code execution via a heap-based buffer overflow in a network-facing service (InformaCast on ALGO 8180 device), directly mapping to T1190: Exploit Public-Facing Application.
NVD Description
ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the InformaCast functionality. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28302.
Deeper analysis
CVE-2026-0793 is a heap-based buffer overflow vulnerability in the InformaCast functionality of ALGO 8180 IP Audio Alerter devices. The flaw stems from insufficient validation of the length of user-supplied data before it is copied into a heap-based buffer, enabling remote code execution. The affected product is the ALGO 8180 IP Audio Alerter. The CVSS v3.1 base score is 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), and the flaw is mapped to CWE-122 (Heap-based Buffer Overflow) and CWE-787 (Out-of-bounds Write).
Remote attackers can exploit this vulnerability without authentication by sending specially crafted data to the device over the network. Successful exploitation allows arbitrary code execution in the context of the device, potentially granting full control over the IP audio alerter.
The Zero Day Initiative published advisory ZDI-26-015 detailing the vulnerability, originally tracked as ZDI-CAN-28302. No specific patch or mitigation details are provided in the available information.
Details
- CWE(s)