CVE-2026-33850
Published: 24 March 2026
Summary
CVE-2026-33850 is a high-severity Out-of-bounds Write (CWE-787) vulnerability. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 6.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-33850 is an out-of-bounds write vulnerability (CWE-787) in the WujekFoliarz DualSenseY-v2 software. It affects versions of DualSenseY-v2 prior to 54. The vulnerability was published on 2026-03-24 and has a CVSS v3.1 base score of 7.8.
The vulnerability requires local access (AV:L), low attack complexity (AC:L), no privileges (PR:N), and user interaction (UI:R), with unchanged scope (S:U) and high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). A local attacker could exploit it by tricking a user into performing a specific action, potentially leading to arbitrary code execution, data corruption, or system crashes on the affected system.
A GitHub pull request at https://github.com/WujekFoliarz/DualSenseY-v2/pull/66 addresses the issue, providing a patch for affected versions. Security practitioners should update to DualSenseY-v2 version 54 or later to mitigate the vulnerability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-14752
Vulnerability details
Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2. This issue affects DualSenseY-v2: before 54.
- CWE(s): CWE-787 (Out-of-bounds Write)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Out-of-bounds write in client software (DualSenseY-v2) with AV:L/UI:R/PR:N directly enables client-side exploitation for code execution when a user is tricked into an action (T1203 Exploitation for Client Execution + T1204 User Execution).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly addresses the vulnerability by requiring timely identification, reporting, and application of the vendor patch for DualSenseY-v2 version 54 or later to remediate the out-of-bounds write.
Implements memory safeguards like address space layout randomization and data execution prevention to block exploitation of the out-of-bounds write for arbitrary code execution or crashes.
Restricts user installation and execution of vulnerable third-party software like pre-v54 DualSenseY-v2, preventing deployment of the affected version.