Cyber Resilience

CVE-2026-24873

High

Published: 27 January 2026

Published
27 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0003 7.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-24873 is a high-severity Out-of-bounds Read (CWE-125) vulnerability. Its CVSS base score is 7.8 (High).

Operationally, ranked at the 7.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-24873 is an out-of-bounds read vulnerability (CWE-125) in Rinnegatamante's lpp-vita software. It affects lpp-vita versions prior to release r6.

The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A local attacker requires no privileges but must trick a user into some interaction to exploit it with low complexity, potentially achieving high impacts including unauthorized access to sensitive data, modification of system resources, and denial of service.

A pull request addressing the issue is available at https://github.com/Rinnegatamante/lpp-vita/pull/82.

EU & UK References

Vulnerability details

Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita.This issue affects lpp-vita: before lpp-vita r6.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-55100Shared CWE-125
CVE-2026-41604Shared CWE-125
CVE-2026-2664Shared CWE-125
CVE-2025-20916Shared CWE-125
CVE-2026-31558Shared CWE-125
CVE-2026-30997Shared CWE-125
CVE-2026-35444Shared CWE-125
CVE-2026-31613Shared CWE-125
CVE-2026-20611Shared CWE-125
CVE-2026-23388Shared CWE-125

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the out-of-bounds read vulnerability by applying the available patch in lpp-vita r6.

prevent

Implements memory safeguards that protect against unauthorized out-of-bounds reads, mitigating info disclosure and potential code execution from this CWE-125 vulnerability.

prevent

Validates information inputs to prevent malformed data from triggering the out-of-bounds read in lpp-vita.

References