Cyber Resilience

CVE-2026-4188 (High)

Published: 16 March 2026
Modified: 22 April 2026
KEV Added: not listed
Patch: none available (affected product is end-of-life)
CVSS v4.0 score: 7.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P; all remaining metrics not defined)
EPSS score: 0.0045 (36.0th percentile)
Risk priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-4188 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in D-Link DIR-619L firmware 2.06B01 (vendor and product inferred from the references and description; NVD filed no CPE). Its CVSS v4.0 score is 7.4 (High).

Operationally, exploitation maps to the MITRE ATT&CK techniques Exploit Public-Facing Application (T1190) and Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 36.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-4188 is a stack-based buffer overflow (CWE-119, CWE-121) in the formSchedule handler for the /goform/formSchedule endpoint, served by the boa web server in D-Link DIR-619L firmware version 2.06B01. The handler does not adequately bound the curTime request parameter, so a remotely supplied overlong value overflows a fixed-size stack buffer.

An attacker holding low-privilege credentials (PR:L) can exploit the flaw over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), with high impact on confidentiality, integrity and availability (C:H/I:H/A:H). The CVSS 3.1 base score of 8.8 reflects that severity, and a public proof-of-concept exploit has been released that could be used in attacks.

This issue affects only products no longer supported by the maintainer, with no patches available. Advisories on VulDB (ctiid.351094, id.351094, submit.769833) and a GitHub repository detail the vulnerability and proof-of-concept exploit, while the D-Link website provides no specific mitigation guidance for this CVE.

Vulnerability details

A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in a stack-based buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

CWE(s)

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-121 Stack-based Buffer Overflow
Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

A stack-based buffer overflow in the device's web management interface (the formSchedule handler) lets a remote, authenticated, low-privilege attacker achieve code execution with full C/I/A impact. That maps directly to T1190 (exploiting a public-facing application for initial device compromise) and to T1068 (privilege escalation through a software vulnerability).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-3729 (shared CWE-119, CWE-121)
CVE-2026-4489 (shared CWE-119, CWE-121)
CVE-2026-6133 (shared CWE-119, CWE-121)
CVE-2026-4553 (shared CWE-119, CWE-121)
CVE-2026-2905 (shared CWE-119, CWE-121)
CVE-2026-5608 (shared CWE-119, CWE-121)
CVE-2026-6124 (shared CWE-119, CWE-121)
CVE-2026-2928 (shared CWE-119, CWE-121)
CVE-2026-2853 (shared CWE-119, CWE-121)
CVE-2026-2885 (shared CWE-119, CWE-121)

Affected Assets

D-Link DIR-619L firmware 2.06B01 (vendor and product inferred from the references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Directly prevents the stack-based buffer overflow by validating the length and format of the curTime argument in formSchedule before it is processed.

Memory protection (prevent)
Memory protections such as stack canaries and DEP/NX block exploitation of the stack buffer overflow even when the input check is missing; note that these must already be compiled into the firmware, since no patch is available for this device.

SA-22 Unsupported System Components (prevent)
Mandates removal, alternative support, or compensating controls for unsupported end-of-life products such as the affected D-Link DIR-619L firmware. Because no fix will ship, the practical options are to retire the device or to restrict access to its management interface.
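The following C example is added here to illustrate the bug class described in the deeper analysis and the two preventive controls above; it is not D-Link's code and not taken from the published proof of concept. The buffer size CURTIME_BUF, the "HH:MM" time format, the query-string layout and the guard value are all assumptions for the demonstration. It shows an unchecked copy of a request parameter into a fixed-size stack buffer (the CWE-121 pattern), the same handler hardened with SI-10 style input validation, and a request filter that a reverse proxy or firewall in front of an unpatchable EOL device could apply as an SA-22 compensating control.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Illustrative model of the /goform/formSchedule bug class (CWE-121).
 * Assumptions, not taken from the page or from D-Link's firmware: the
 * buffer size CURTIME_BUF, the "HH:MM" format and the query-string layout. */
#define CURTIME_BUF 16
#define GUARD_VALUE 0xDEADBEEFu

/* Stand-in for the handler's stack frame: the time buffer followed by a
 * value that plays the role of the saved return address / stack canary. */
struct frame_model {
    char curTime[CURTIME_BUF];
    unsigned int guard;
};

/* Vulnerable pattern: the request parameter is copied into the fixed
 * buffer with no length check. The copy is capped at the model frame only
 * so that this demo stays inside defined behaviour; the real bug has no
 * cap at all. Returns the guard so callers can observe the corruption. */
unsigned int handle_schedule_unsafe(const char *curTime_param) {
    struct frame_model f;
    memset(&f, 0, sizeof f);
    f.guard = GUARD_VALUE;
    size_t n = strlen(curTime_param) + 1;      /* includes the NUL, like strcpy */
    if (n > sizeof f) n = sizeof f;
    memcpy((char *)&f, curTime_param, n);      /* writes past curTime when n > CURTIME_BUF */
    return f.guard;
}

/* Hardened pattern (NIST 800-53 SI-10): validate shape and range before
 * the buffer is touched, and never copy more than it can hold.
 * Returns 0 and fills hour/minute on success, -1 on rejection. */
int handle_schedule_safe(const char *curTime_param, int *hour, int *minute) {
    /* bounded scan: no NUL within CURTIME_BUF bytes means the input is overlong */
    const char *nul = memchr(curTime_param, '\0', CURTIME_BUF);
    if (nul == NULL) return -1;
    size_t len = (size_t)(nul - curTime_param);
    if (len != 5 || curTime_param[2] != ':') return -1;   /* exactly "HH:MM" */
    for (size_t i = 0; i < 5; i++) {
        if (i == 2) continue;
        if (!isdigit((unsigned char)curTime_param[i])) return -1;
    }
    char buf[CURTIME_BUF];
    memcpy(buf, curTime_param, len);
    buf[len] = '\0';
    int h = (buf[0] - '0') * 10 + (buf[1] - '0');
    int m = (buf[3] - '0') * 10 + (buf[4] - '0');
    if (h > 23 || m > 59) return -1;
    *hour = h;
    *minute = m;
    return 0;
}

/* Compensating control for an unpatchable EOL device (SA-22): a filter in
 * front of the device rejects any request whose curTime value is longer
 * than a legitimate "HH:MM". Returns the value length, or -1 if absent. */
long curtime_value_length(const char *query) {
    const char *p = query;
    while ((p = strstr(p, "curTime=")) != NULL) {
        if (p == query || p[-1] == '&') break;   /* whole parameter name only */
        p += 1;
    }
    if (p == NULL) return -1;
    p += strlen("curTime=");
    const char *end = strchr(p, '&');
    return end ? (long)(end - p) : (long)strlen(p);
}

int curtime_request_allowed(const char *query) {
    long len = curtime_value_length(query);
    return len >= 0 && len <= 5;
}

int main(void) {
    /* constructed inputs: a legitimate value and an overlong one */
    const char *good = "12:30";
    const char *overlong = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    int h = 0, m = 0;
    printf("unsafe, good input:     guard=0x%08x\n", handle_schedule_unsafe(good));
    printf("unsafe, overlong input: guard=0x%08x\n", handle_schedule_unsafe(overlong));
    printf("safe, good input:       rc=%d (%02d:%02d)\n", handle_schedule_safe(good, &h, &m), h, m);
    printf("safe, overlong input:   rc=%d\n", handle_schedule_safe(overlong, &h, &m));
    printf("filter allows good:     %d\n", curtime_request_allowed("enabled=1&curTime=12:30&day=3"));
    printf("filter allows overlong: %d\n", curtime_request_allowed("curTime=AAAAAAAAAAAAAAAAAAAA&day=3"));
    return 0;
}
```

The unsafe handler shows the guard word next to the buffer being overwritten with attacker bytes; on a real firmware build without stack canaries that word would be the saved return address. The hardened handler rejects overlong and malformed values before any copy, and the filter function gives an operator a rule that can be applied without modifying the device, which is the only option left once the vendor has stopped shipping fixes.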

References