CVE-2026-33848

High

Published: 24 March 2026

Published

24 March 2026

Modified

20 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0004 13.1th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-33848 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Linkingvision Rapidvms. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 13.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and correction of flaws like this buffer overflow vulnerability through patching as provided in PR#96.

SI-16 Memory Protection good match

prevent

Implements memory protections such as ASLR, DEP, and stack canaries that directly mitigate buffer overflow exploits leading to arbitrary code execution.

RA-5 Vulnerability Monitoring and Scanning good match

detect

Mandates vulnerability scanning to identify and prioritize buffer overflow vulnerabilities like CVE-2026-33848 in rapidvms software.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

Why these techniques?

Buffer overflow (CWE-119) in client-exposed rapidvms component with AV:N/PR:N/UI:R directly enables remote arbitrary code execution via client application exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96.

Deeper analysisAI

CVE-2026-33848 is an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability, classified under CWE-119, affecting the linkingvision rapidvms software. This buffer overflow issue impacts versions of rapidvms prior to the changes introduced in pull request #96. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.

A remote attacker with no privileges can exploit this vulnerability over the network with low complexity, though it requires user interaction to trigger. Successful exploitation could allow the attacker to achieve high-level impacts, including arbitrary code execution, data disclosure, modification of system data, or denial of service, depending on the context of the buffer overflow.

The primary mitigation is addressed in the GitHub pull request at https://github.com/linkingvision/rapidvms/pull/96, which security practitioners should review and apply to vulnerable installations of rapidvms to remediate the issue.

Details

CWE(s): CWE-119

Affected Products

linkingvision

rapidvms

all versions

CVEs Like This One

CVE-2026-33849Same product: Linkingvision Rapidvms

CVE-2026-33847Same product: Linkingvision Rapidvms

CVE-2026-4710Shared CWE-119

CVE-2025-9185Shared CWE-119

CVE-2026-1260Shared CWE-119

CVE-2025-9179Shared CWE-119

CVE-2025-8035Shared CWE-119

CVE-2025-9184Shared CWE-119

CVE-2026-0891Shared CWE-119

CVE-2026-5731Shared CWE-119

References

https://github.com/linkingvision/rapidvms/pull/96
Issue Tracking · cve_disclosure@tech.gov.sg