Cyber Resilience

CVE-2026-3437

Critical · Updated

Published: 03 March 2026

Modified: 25 June 2026
KEV Added
Patch
CVSS v4 Score: 9.3 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0015 (4.8th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-3437 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Portwell Engineering Toolkits. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 4.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-3437, published on 2026-03-03, is an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability classified under CWE-119. It affects Portwell Engineering Toolkits version 4.8.2, specifically the associated driver, which fails to properly restrict operations within memory buffer bounds.

A local authenticated attacker with low privileges can exploit this vulnerability; attack complexity is low and no user interaction is required. Successful exploitation enables reading and writing to arbitrary memory locations, potentially resulting in privilege escalation or a denial-of-service condition. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

For mitigation guidance, refer to CISA ICS Advisory ICSA-26-062-04 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-04.

Vulnerability details

An improper restriction of operations within the bounds of a memory buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulnerability could result in escalation of privileges or cause a denial-of-service condition.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Local memory corruption (arbitrary read/write) in a privileged driver directly enables T1068 for privilege escalation and T1499.004 for endpoint DoS via exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22167 (shared CWE-119)
CVE-2026-2521 (shared CWE-119)
CVE-2026-28953 (shared CWE-119)
CVE-2024-54551 (shared CWE-119)
CVE-2023-49618 (shared CWE-119)
CVE-2026-2522 (shared CWE-119)
CVE-2026-39863 (shared CWE-119)
CVE-2025-15411 (shared CWE-119)
CVE-2024-52923 (shared CWE-119)
CVE-2026-28944 (shared CWE-119)

Affected Assets

portwell · engineering toolkits · 4.8.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly remediates the specific buffer overflow flaw in the Portwell Engineering Toolkits driver by identifying, prioritizing, and applying patches or updates.

Prevent: Provides comprehensive runtime memory protections like DEP, ASLR, and stack guards to block arbitrary memory read/write exploits from the buffer bounds violation.

Prevent: Limits the scope of low-privilege local authenticated attackers by enforcing least privilege on access to the vulnerable driver, reducing privilege escalation potential.
