CVE-2026-4750
Published: 24 March 2026
Summary
CVE-2026-4750 is a critical-severity Out-of-bounds Read (CWE-125) vulnerability. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 32.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2026-4750 is an out-of-bounds read vulnerability (CWE-125) in the woof software maintained by fabiangreffrath. This issue affects woof versions prior to 15.3.0. Published on 2026-03-24, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H), marking it as critical due to its potential for remote exploitation with high impacts on confidentiality and availability.
Remote attackers can exploit this vulnerability over the network with low attack complexity, without privileges and without user interaction. Successful exploitation enables disclosure of sensitive information (high confidentiality impact) and disruption of service such as denial of service (high availability impact). Integrity is unaffected and the security scope is unchanged.
A pull request addressing the vulnerability is available at https://github.com/fabiangreffrath/woof/pull/2521. Security practitioners should review it for patch details and update to woof 15.3.0 or later to mitigate the issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-14766
Vulnerability details
Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0.
- CWE(s): CWE-125
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated network exploitation of a public-facing application (game server) directly matches T1190; OOB read enables application crash/DoS matching T1499.004.
Mitigating Controls (NIST 800-53 r5)
Requires timely identification, reporting, and patching of flaws like the out-of-bounds read in woof prior to version 15.3.0, directly preventing remote exploitation.
Vulnerability scanning detects systems running vulnerable woof versions affected by CVE-2026-4750, enabling remediation.
Implements memory protections such as ASLR and DEP that mitigate impacts of out-of-bounds reads by complicating information disclosure and exploitation.