Description
Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules). This vulnerability is associated with program files mongoose.C.

This issue affects wxhelper: through 3.9.10.19-v1.
Published: 2026-01-27
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Heap‑based buffer overflow causing memory corruption
Action: Immediate Patch
AI Analysis

Impact

Out‑of‑bounds write in the mongoose module of wxhelper leads to a heap‑based buffer overflow. The overflow can corrupt memory, potentially resulting in application crashes or data integrity failures. In the worst case, the corrupted memory could be leveraged to execute arbitrary code, though the CVE description does not explicitly confirm this outcome.

Affected Systems

The wxhelper application from the ttttupup project is affected. All releases up to and including version 3.9.10.19‑v1 contain the vulnerability in the source file mongoose.C that is used by wxhelper modules.

Risk and Exploitability

The CVSS score is 10, indicating critical severity. The EPSS score is below 1%, implying a very low exploitation probability as of this analysis, and the vulnerability is not listed in the CISA KEV catalog, so no public exploits are known. Based on the description, it is inferred that an attacker could supply malformed input to the mongoose module—potentially via a network service or a local file—to trigger the overflow. The attack vector could be remote if the module accepts external input, or local if the service runs with sufficient privileges on the host. The high severity and the possibility of arbitrary code execution make the risk significant once the flaw is exploited.

Generated by OpenCVE AI on April 18, 2026 at 14:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched version of wxhelper when it becomes available from the maintainers.
  • Restrict incoming data to only trusted sources and apply validation or sanitization before it reaches the mongoose module to prevent malformed input.
  • Run the wxhelper service with the least privileges necessary and limit its network exposure to trusted hosts.
  • Configure operating‑system level hardening such as ASLR, DEP, and heap randomization to reduce the impact of any remaining buffer overflows.

Advisories

No advisories yet.

History

Tue, 27 Jan 2026 20:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Ttttupup; Ttttupup wxhelper
Vendors & Products | | Ttttupup; Ttttupup wxhelper

Tue, 27 Jan 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 27 Jan 2026 09:15:00 +0000

Type | Values Removed | Values Added
Description | | Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules). This vulnerability is associated with program files mongoose.C. This issue affects wxhelper: through 3.9.10.19-v1.
Title | | a heap-based buffer overflow vulnerability in ttttupup/wxhelper via src/mongoose.
Weaknesses | | CWE-122; CWE-787
References | |
Metrics | | cvssV4_0 {'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:D/RE:M/U:Red'}


MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-01-27T16:59:40.636Z

Reserved: 2026-01-27T08:48:56.893Z

Link: CVE-2026-24822

Vulnrichment

Updated: 2026-01-27T16:59:37.400Z

NVD

Status: Deferred

Published: 2026-01-27T09:15:52.937

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24822

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T15:00:03Z

Weaknesses