Cyber Posture

CVE-2026-3437

High

Published: 03 March 2026
Modified: 05 March 2026
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (6.1th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-3437 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Portwell Engineering Toolkits. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 6.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly remediates the specific buffer overflow flaw in the Portwell Engineering Toolkits driver by identifying, prioritizing, and applying patches or updates.

Prevent: Provides comprehensive runtime memory protections like DEP, ASLR, and stack guards to block arbitrary memory read/write exploits from the buffer bounds violation.

Prevent: Limits the scope of low-privilege local authenticated attackers by enforcing least privilege on access to the vulnerable driver, reducing privilege escalation potential.

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Local memory corruption (arbitrary read/write) in a privileged driver directly enables T1068 for privilege escalation and T1499.004 for endpoint DoS via exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulnerability could result in escalation of privileges or cause a denial-of-service condition.

Deeper analysis (AI)

CVE-2026-3437, published on 2026-03-03, is an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability classified under CWE-119. It affects Portwell Engineering Toolkits version 4.8.2, specifically the associated driver, which fails to properly restrict operations within memory buffer bounds.

The vulnerability is exploitable by a local authenticated attacker with low privileges; attack complexity is low and no user interaction is required. Successful exploitation enables reading and writing to arbitrary memory locations, potentially resulting in privilege escalation or a denial-of-service condition. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

For mitigation guidance, refer to CISA ICS Advisory ICSA-26-062-04 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-04.

Details

CWE(s): CWE-119

Affected Products: portwell engineering toolkits 4.8.2

CVEs Like This One

CVE-2026-3394 (Shared CWE-119)
CVE-2024-56438 (Shared CWE-119)
CVE-2026-3145 (Shared CWE-119)
CVE-2026-39863 (Shared CWE-119)
CVE-2026-20700 (Shared CWE-119)
CVE-2026-22167 (Shared CWE-119)
CVE-2026-30883 (Shared CWE-119)
CVE-2026-2522 (Shared CWE-119)
CVE-2024-54551 (Shared CWE-119)
CVE-2026-2521 (Shared CWE-119)
