Cyber Resilience

CVE-2026-33554

HighUpdated

Published: 24 March 2026

Published
24 March 2026
Modified
03 June 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0007 20.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-33554 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Gnu (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 20.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-33554 is a stack-based buffer overflow vulnerability (CWE-121) in the ipmi-oem client command of FreeIPMI versions prior to 1.16.17. FreeIPMI implements IPMI interfaces for platform management, commonly used for tasks like sensor reading and remote power control. The issue affects three specific subcommands: "ipmi-oem dell get-last-post-code" for retrieving the last POST code on Dell servers, "ipmi-oem supermicro extra-firmware-info" for extra firmware info on Supermicro servers, and "ipmi-oem wistron read-proprietary-string" for reading proprietary strings on Wistron servers. These subcommands trigger exploitable buffer overflows when processing response messages from IPMI servers.

The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable over the network with low complexity, no privileges or user interaction required. Remote unauthenticated attackers who control or compromise an IPMI service (such as a Baseboard Management Controller) can craft malicious response messages. When a victim runs one of the affected ipmi-oem subcommands against the attacker's server, the client processes the response and suffers a buffer overflow, resulting in denial of service through application crash or potential code execution, though impact is limited to availability.

Mitigation is addressed in FreeIPMI 1.16.17, available via the project's GNU FTP mirror. The upstream bug trackers on Savannah.gnu.org document the fixes in reports #68140, #68141, and #68142, each corresponding to one of the affected subcommands. Security practitioners should update FreeIPMI to version 1.16.17 or later and audit usage of these OEM subcommands against untrusted IPMI endpoints.

EU & UK References

Vulnerability details

ipmi-oem in FreeIPMI before 1.6.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system…

more

management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Three subcommands were found to have exploitable buffer overflows on response messages. They are: "ipmi-oem dell get-last-post-code - get the last POST code and string describing the error on some Dell servers," "ipmi-oem supermicro extra-firmware-info - get extra firmware info on Supermicro servers," and "ipmi-oem wistron read-proprietary-string - read a proprietary string on Wistron servers."

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Stack-based buffer overflow in FreeIPMI client (ipmi-oem) triggered by malicious IPMI server responses enables adversaries to exploit client software for code execution or DoS when a victim connects to an attacker-controlled endpoint.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2020-37001Shared CWE-121
CVE-2019-25365Shared CWE-121
CVE-2019-25360Shared CWE-121
CVE-2020-36967Shared CWE-121
CVE-2019-25331Shared CWE-121
CVE-2026-29972Shared CWE-121
CVE-2020-37183Shared CWE-121
CVE-2026-6665Shared CWE-121
CVE-2019-25361Shared CWE-121
CVE-2019-25332Shared CWE-121

Affected Assets

Gnu
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the buffer overflow flaw in FreeIPMI by requiring timely identification, reporting, and patching to version 1.16.17 or later.

prevent

Requires validation of response messages from IPMI servers to prevent stack-based buffer overflows when processing untrusted inputs in affected ipmi-oem subcommands.

prevent

Implements memory protections like ASLR and DEP to mitigate exploitation of the buffer overflow for denial of service or potential code execution.

References