Cyber Resilience

CVE-2026-4753

Critical

Published: 24 March 2026

Modified: 05 May 2026
CISA KEV: not listed
CVSS v3.1 score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
EPSS score: 0.0042 (33.3rd percentile)
Risk priority: 70 (floored blend, peak EPSS)

Summary

CVE-2026-4753 is a critical-severity Out-of-bounds Read (CWE-125) vulnerability. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 33.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-4753 is an Out-of-bounds Read vulnerability (CWE-125) in slajerek's RetroDebugger, affecting all versions prior to v0.64.72. Published on 2026-03-24, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H), marking it as critical due to its potential for severe impact.

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and without requiring user interaction. Successful exploitation enables high confidentiality impact, such as unauthorized access to sensitive data, and high availability impact, potentially leading to denial-of-service conditions.

The vulnerability is addressed in RetroDebugger v0.64.72, with the fix provided via pull request #97 at https://github.com/slajerek/RetroDebugger/pull/97. Security practitioners should update to this version or later to mitigate the issue.

Vulnerability details

Out-of-bounds Read vulnerability in slajerek RetroDebugger. This issue affects RetroDebugger: before v0.64.72.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

A remote, unauthenticated out-of-bounds read in a network-exposed debugger maps to T1190 (initial access through exploitation of a public-facing application) and to T1499.004 (denial of service through a targeted application crash). The information-disclosure aspect has no direct technique match beyond generic memory access.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One (each shares CWE-125)

CVE-2026-40890
CVE-2026-26264
CVE-2026-21863
CVE-2026-33598
CVE-2026-32877
CVE-2026-4750
CVE-2026-3622
CVE-2026-41503
CVE-2026-26008
CVE-2026-28815

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Requires timely flaw remediation, directly addressing this out-of-bounds read by mandating updates to the fixed RetroDebugger v0.64.72.

SI-16 Memory Protection (prevent): Implements memory protection mechanisms such as address space randomization and guard pages to prevent exploitation of out-of-bounds reads.

Input validation (prevent): Enforces input validation to block malformed network inputs that trigger the out-of-bounds read vulnerability.