CVE-2026-24873
Published: 27 January 2026
Summary
CVE-2026-24873 is a high-severity Out-of-bounds Read (CWE-125) vulnerability. Its CVSS base score is 7.8 (High).
Operationally, ranked at the 4.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the out-of-bounds read vulnerability by applying the available patch in lpp-vita r6.
Implements memory safeguards that protect against unauthorized out-of-bounds reads, mitigating info disclosure and potential code execution from this CWE-125 vulnerability.
Validates information inputs to prevent malformed data from triggering the out-of-bounds read in lpp-vita.
MITRE ATT&CK Enterprise TechniquesAI
Insufficient information to map techniques.NVD Description
Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita.This issue affects lpp-vita: before lpp-vita r6.
Deeper analysisAI
CVE-2026-24873 is an out-of-bounds read vulnerability (CWE-125) in Rinnegatamante's lpp-vita software. It affects lpp-vita versions prior to release r6.
The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A local attacker requires no privileges but must trick a user into some interaction to exploit it with low complexity, potentially achieving high impacts including unauthorized access to sensitive data, modification of system resources, and denial of service.
A pull request addressing the issue is available at https://github.com/Rinnegatamante/lpp-vita/pull/82.
Details
- CWE(s)