CVE-2026-24873
Published: 27 January 2026
Summary
CVE-2026-24873 is a high-severity Out-of-bounds Read (CWE-125) vulnerability. Its CVSS base score is 7.8 (High).
Operationally, it is ranked at the 7.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-24873 is an out-of-bounds read vulnerability (CWE-125) in Rinnegatamante's lpp-vita software. It affects lpp-vita versions prior to release r6.
The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Exploitation is local and low-complexity: the attacker needs no privileges but must trick a user into some interaction. The potential impacts are rated high and include unauthorized access to sensitive data, modification of system resources, and denial of service.
A pull request addressing the issue is available at https://github.com/Rinnegatamante/lpp-vita/pull/82.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-4800
Vulnerability details
Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita. This issue affects lpp-vita: before lpp-vita r6.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Insufficient information to map techniques.
Mitigating Controls (NIST 800-53 r5)
Directly remediates the out-of-bounds read vulnerability by applying the available patch in lpp-vita r6.
Implements memory safeguards that protect against unauthorized out-of-bounds reads, mitigating information disclosure and potential code execution from this CWE-125 vulnerability.
Validates information inputs to prevent malformed data from triggering the out-of-bounds read in lpp-vita.