Cyber Resilience

CVE-2026-33848

High

Published: 24 March 2026

Published
24 March 2026
Modified
20 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0024 15.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-33848 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Linkingvision Rapidvms. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 15.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-33848 is an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability, classified under CWE-119, affecting the linkingvision rapidvms software. This buffer overflow issue impacts versions of rapidvms prior to the changes introduced in pull request #96. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.

A remote attacker with no privileges can exploit this vulnerability over the network with low complexity, though it requires user interaction to trigger. Successful exploitation could allow the attacker to achieve high-level impacts, including arbitrary code execution, data disclosure, modification of system data, or denial of service, depending on the context of the buffer overflow.

The primary mitigation is addressed in the GitHub pull request at https://github.com/linkingvision/rapidvms/pull/96, which security practitioners should review and apply to vulnerable installations of rapidvms to remediate the issue.

EU & UK References

Vulnerability details

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Buffer overflow (CWE-119) in client-exposed rapidvms component with AV:N/PR:N/UI:R directly enables remote arbitrary code execution via client application exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33849Same product: Linkingvision Rapidvms
CVE-2026-33847Same product: Linkingvision Rapidvms
CVE-2026-5731Shared CWE-119
CVE-2026-28905Shared CWE-119
CVE-2026-8093Shared CWE-119
CVE-2026-7324Shared CWE-119
CVE-2026-0891Shared CWE-119
CVE-2026-6752Shared CWE-119
CVE-2026-8974Shared CWE-119
CVE-2026-2779Shared CWE-119

Affected Assets

linkingvision
rapidvms
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of flaws like this buffer overflow vulnerability through patching as provided in PR#96.

prevent

Implements memory protections such as ASLR, DEP, and stack canaries that directly mitigate buffer overflow exploits leading to arbitrary code execution.

detect

Mandates vulnerability scanning to identify and prioritize buffer overflow vulnerabilities like CVE-2026-33848 in rapidvms software.

References