CVE-2026-24831
Published: 27 January 2026
Summary
CVE-2026-24831 is a high-severity Infinite Loop (CWE-835) vulnerability in Ixray-Team Ix-Ray Engine 1.6. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Deeper analysis
CVE-2026-24831 is a Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability, classified as CWE-835, in ixray-team's ixray-1.6-stcop software. This issue affects ixray-1.6-stcop versions before 1.3. The vulnerability was published on 2026-01-27T16:16:35.903 and carries a CVSS v3.1 base score of 7.5.
An unauthenticated attacker (PR:N) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation triggers an infinite loop, resulting in high availability impact (A:H) through denial of service, such as resource exhaustion, while confidentiality (C:N) and integrity (I:N) remain unaffected and the scope is unchanged (S:U).
The GitHub pull request at https://github.com/ixray-team/ixray-1.6-stcop/pull/248 provides mitigation by patching the infinite loop condition in affected versions of ixray-1.6-stcop.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-4726
Vulnerability details
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated infinite loop (CWE-835) in network-accessible software directly enables initial access via public-facing app exploitation (T1190) and causes availability impact through application/system exploitation leading to resource exhaustion (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely remediation of the infinite loop flaw (CWE-835) in ixray-1.6-stcop versions before 1.3 via patching as indicated in the GitHub pull request.
Provides denial-of-service protections at boundaries to block remote unauthenticated exploitation of the infinite loop leading to resource exhaustion.
Ensures resource availability through allocation mechanisms that mitigate high-impact exhaustion from the triggered infinite loop.