Description
HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -rc command-line parameter. Attackers can craft a malicious input string exceeding 108 bytes containing shellcode and a return address to overwrite the stack and achieve code execution.
Published: 2026-03-28
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local code execution via buffer overflow
Action: Immediate patch
AI Analysis

Impact

The vulnerability is a buffer overflow in the -rc command-line option of HNB Organizer 1.9.18-10. By providing an argument longer than 108 bytes, a local user can inject shellcode and an overwritten return address onto the stack, causing the program to execute arbitrary instructions with the privileges of the user running the application.

Affected Systems

This flaw affects HNB Organizer version 1.9.18-10. No other releases are listed as vulnerable in the available advisory. The vendor name is HNB.

Risk and Exploitability

With a CVSS score of 8.6, the vulnerability is high severity, but it requires local access and the ability to supply a crafted command-line argument. No EPSS score is provided and the vulnerability does not appear in CISA's KEV catalog, indicating limited publicly known exploitation. Attacks would be confined to systems where an unauthorized local user can run or influence HNB Organizer, so the attack vector is purely local.

Generated by OpenCVE AI on March 28, 2026 at 13:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade HNB Organizer to a version newer than 1.9.18-10 if such a release exists.
  • If no update is available, restrict execution of HNB Organizer to trusted users only and avoid passing untrusted input via the -rc option.
  • Consider disabling or removing the -rc feature in shared or multi-user environments.
  • Monitor logs for abnormal crashes or execution failures that may indicate an attempted exploit.



Advisories

No advisories yet.

History

Mon, 30 Mar 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 30 Mar 2026 07:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Hnb; Hnb hnb
Vendors & Products | | Hnb; Hnb hnb

Sat, 28 Mar 2026 12:15:00 +0000

Type | Values Removed | Values Added
Description | | HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -rc command-line parameter. Attackers can craft a malicious input string exceeding 108 bytes containing shellcode and a return address to overwrite the stack and achieve code execution.
Title | | HNB Organizer 1.9.18-10 Local Buffer Overflow via -rc Parameter
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1 {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0 {'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T18:08:37.705Z

Reserved: 2026-03-28T11:38:52.207Z

Link: CVE-2016-20045

Vulnrichment

Updated: 2026-03-30T18:08:33.923Z

NVD

Status: Awaiting Analysis

Published: 2026-03-28T12:16:00.630

Modified: 2026-03-30T13:26:07.647

Link: CVE-2016-20045

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T06:59:20Z

Weaknesses