Impact
The vulnerability is a heap buffer overflow in the buffer encryption utilities of Malwarebytes 4.x and 5.x and of all Nebula releases from 2020‑10‑21 onward. It is triggered when those utilities process an oversized or malformed data buffer: the routine writes more bytes than the heap allocation it is working in can hold, corrupting whatever the allocator placed next to it (neighbouring objects or allocator metadata). Corrupting adjacent heap data is the usual first step toward controlled writes, so depending on the entry point and the privileges of the affected component the outcome ranges from a crash of the protection service (denial of service) to code execution; if the component runs with elevated privileges, as endpoint-protection services typically do, code execution inside it also amounts to privilege escalation. The description does not name the exact entry point or a fixed version.
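To make the failure mode concrete, the following is an added illustration in C; it is not Malwarebytes code and makes no claim about how the real utility is written. It shows a toy XOR "encryption" routine that writes into a fixed-size heap chunk using a caller-supplied length (the vulnerable pattern), beside a hardened version that validates the length before any write. The capacity `OUT_CAP`, the key bytes and the sample plaintext are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed capacity of the heap chunk the routine writes into (assumed value). */
#define OUT_CAP 64

/* Toy keystream: XOR each byte with a repeating key. Only a stand-in for
   whatever the real encryption utility does; the bug is in the length
   handling, not in the cipher. */
static void xor_keystream(uint8_t *dst, const uint8_t *src, size_t len,
                          const uint8_t *key, size_t keylen) {
    for (size_t i = 0; i < len; i++) {
        dst[i] = src[i] ^ key[i % keylen];
    }
}

/* Vulnerable pattern: a fixed-size heap chunk, but the number of bytes
   written comes from the caller-supplied length with no comparison against
   OUT_CAP. Any in_len > OUT_CAP writes past the chunk into adjacent heap
   objects or allocator metadata. Do not call this with oversized input
   outside a sanitizer build (-fsanitize=address flags it immediately). */
int encrypt_vulnerable(const uint8_t *in, size_t in_len,
                       const uint8_t *key, size_t keylen, uint8_t **out) {
    uint8_t *buf = malloc(OUT_CAP);
    if (buf == NULL) return -1;
    xor_keystream(buf, in, in_len, key, keylen);   /* unchecked in_len */
    *out = buf;
    return (int)in_len;
}

/* Hardened: validate every length before any write, and fail closed. */
int encrypt_hardened(const uint8_t *in, size_t in_len,
                     const uint8_t *key, size_t keylen, uint8_t **out) {
    if (in == NULL || key == NULL || out == NULL || keylen == 0) return -1;
    if (in_len > OUT_CAP) return -1;   /* reject oversized input instead of writing it */
    uint8_t *buf = malloc(OUT_CAP);
    if (buf == NULL) return -1;
    xor_keystream(buf, in, in_len, key, keylen);
    *out = buf;
    return (int)in_len;
}

/* Returns 1 if a constructed oversized input is rejected by the hardened
   routine without any heap write taking place. */
int demo_oversized_rejected(void) {
    uint8_t big[OUT_CAP * 4];               /* 256 bytes, four times the capacity */
    memset(big, 0x41, sizeof big);
    const uint8_t key[] = { 0x13, 0x37 };   /* constructed key */
    uint8_t *out = NULL;
    int rc = encrypt_hardened(big, sizeof big, key, sizeof key, &out);
    return (rc == -1 && out == NULL) ? 1 : 0;
}

/* Returns 1 if an in-bounds message round-trips through the hardened routine
   (XOR is its own inverse) and both routines agree on in-bounds input, i.e.
   the check changes nothing for well-formed buffers. */
int demo_inbounds_roundtrip(void) {
    const uint8_t msg[] = "constructed sample plaintext";   /* 29 bytes incl. NUL */
    const uint8_t key[] = { 0xde, 0xad, 0xbe, 0xef };      /* constructed key */
    uint8_t *ct = NULL, *ct2 = NULL, *pt = NULL;
    int ok = 0;
    if (encrypt_hardened(msg, sizeof msg, key, sizeof key, &ct) != (int)sizeof msg) goto done;
    if (encrypt_vulnerable(msg, sizeof msg, key, sizeof key, &ct2) != (int)sizeof msg) goto done;
    if (memcmp(ct, ct2, sizeof msg) != 0) goto done;
    if (encrypt_hardened(ct, sizeof msg, key, sizeof key, &pt) != (int)sizeof msg) goto done;
    ok = (memcmp(pt, msg, sizeof msg) == 0);
done:
    free(ct);
    free(ct2);
    free(pt);
    return ok;
}

int main(void) {
    printf("oversized input rejected by hardened routine: %d\n", demo_oversized_rejected());
    printf("in-bounds round trip, both routines agree:     %d\n", demo_inbounds_roundtrip());
    return 0;
}
```

The point of the pair is where the length check sits: the hardened version decides before touching the heap, so an oversized buffer becomes an error return rather than a write. Compiling the vulnerable variant with AddressSanitizer and feeding it a buffer longer than `OUT_CAP` is the quickest way to see the heap-buffer-overflow report that this class of bug produces.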
Affected Systems
Any system running Malwarebytes 4.x or 5.x, or a Nebula release from 2020‑10‑21 onward, is affected. The flaw sits in encryption components that may handle data from external or untrusted sources, so every endpoint on these versions carries the risk regardless of its role. No fixed version is given here; confirm the installed version against the vendor's advisory and update to a release the vendor lists as fixed.
Risk and Exploitability
The CVSS score of 7.5 rates the flaw as high severity, meaning that exploitation could compromise confidentiality, integrity, or availability; the vector string is not given, so the attack vector and required privileges cannot be read from this page alone. Heap overflows of this kind are typically triggered by malicious input reaching the encryption routine, which could happen locally through whatever input path feeds that routine, or over the network if the component exposes a network-facing interface. The absence of an EPSS score and of a CISA KEV listing means there is no public evidence of exploitation in the wild, not that exploitation is infeasible: a successful exploit of heap corruption can end in arbitrary code execution. Prompt patching, verifying that the installed version is no longer in the affected range, and monitoring for abnormal behaviour of the Malwarebytes processes (unexpected crashes, service restarts, or unusual child processes) remain prudent.
OpenCVE Enrichment