CVE-2026-4753
Published: 24 March 2026
Summary
CVE-2026-4753 is a critical-severity Out-of-bounds Read (CWE-125) vulnerability. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-4753 is an Out-of-bounds Read vulnerability (CWE-125) in slajerek's RetroDebugger, affecting all versions prior to v0.64.72. Published on 2026-03-24, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H), marking it as critical due to its potential for severe impact.
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and without requiring user interaction. Successful exploitation enables high confidentiality impact, such as unauthorized access to sensitive data, and high availability impact, potentially leading to denial-of-service conditions.
The vulnerability is addressed in RetroDebugger v0.64.72, with the fix provided via pull request #97 at https://github.com/slajerek/RetroDebugger/pull/97. Security practitioners should update to this version or later to mitigate the issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-14772
Vulnerability details
Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated OOB read in network-exposed debugger enables T1190 for initial access via public app exploitation and T1499.004 for DoS via targeted application crash; info disclosure lacks direct technique match beyond generic memory access.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely flaw remediation, directly addressing this out-of-bounds read by mandating updates to the fixed RetroDebugger v0.64.72.
Implements memory protection mechanisms like address space randomization and guard pages to prevent exploitation of out-of-bounds reads.
Enforces input validation to block malformed network inputs that trigger the out-of-bounds read vulnerability.