CVE-2026-24827
Published: 27 January 2026
Summary
CVE-2026-24827 is a high-severity Out-of-bounds Write (CWE-787) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It is ranked at the 18.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are blunted by memory protections that mark writable memory as non-executable.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An out-of-bounds write (CWE-787) with a network attack vector (AV:N) and confirmed high availability impact (A:H) allows a remote trigger that crashes the target application, matching T1499.004 (Application or System Exploitation) under Endpoint Denial of Service.
NVD Description
Out-of-bounds Write vulnerability in gerstrong Commander-Genius. This issue affects Commander-Genius: before Release refs/pull/358/merge.
Deeper analysis
CVE-2026-24827 is an Out-of-bounds Write vulnerability (CWE-787) in gerstrong Commander-Genius. This issue affects Commander-Genius versions before the release at refs/pull/358/merge.
The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). A remote, unauthenticated attacker can trigger it over the network with low attack complexity and no user interaction. Successful exploitation yields a high availability impact, such as denial of service through application crashes, with no impact on confidentiality or integrity.
Mitigation details are available in the GitHub pull request at https://github.com/gerstrong/Commander-Genius/pull/379. Security practitioners should consult that reference for patching guidance.
Details
- CWE(s)