Description
Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d.This issue affects .
Published: 2026-01-27
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability in cadaver’s turso3d allows an attacker to write beyond the bounds of an array and perform arithmetic with a zero divisor, leading to a null pointer dereference and the reuse of uninitialized resources. These weaknesses combine to enable arbitrary code execution. The high CVSS score of 10 confirms that an exploitation would compromise confidentiality, integrity, and availability of the affected system. “Out‑of‑bounds write” is a classic memory corruption flaw that typically permits control over program flow.

Affected Systems

The affected product is cadaver’s turso3d. No specific version numbers are given in the CVE information, so the patch status of installed instances cannot be determined from this data alone.

Risk and Exploitability

With a CVSS of 10 the vulnerability is considered extremely severe. The EPSS score of less than 1% suggests that, although exploitation is possible, it is currently statistically unlikely. The vulnerability is not listed in the CISA KEV catalog. Because the description does not specify an attack vector, it is inferred that the exploitation might require local access or could be achieved remotely if the vulnerable code is exposed through a service. Without explicit vector information, administrators should assume the worst‑case scenario and treat the flaw as a potential remote code execution risk.

Generated by OpenCVE AI on April 18, 2026 at 14:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch for turso3d or upgrade to a version where the vulnerability is fixed. If no patch is available, isolate the affected application from the network and disable any functions that invoke the vulnerable code path. Review the pull request at the provided GitHub link to manually apply the code changes if the vendor has not released a formal update.
  • Implement runtime integrity checks or address sanitizer tools to detect out-of-bounds accesses during development and testing. Monitor logs for anomalous memory access patterns that could indicate exploitation attempts.
  • Configure SELinux or AppArmor confinement for the turso3d process to limit the blast radius in case of exploitation.

Generated by OpenCVE AI on April 18, 2026 at 14:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://github.com/cadaver/turso3d/pull/11 cve-icon cve-icon
History

Thu, 29 Jan 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Cadaver
Cadaver turso3d
Vendors & Products Cadaver
Cadaver turso3d

Tue, 27 Jan 2026 09:30:00 +0000

Type Values Removed Values Added
Description Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d.This issue affects .
Title Out-of-bounds write in turso3d
Weaknesses CWE-125
CWE-369
CWE-476
CWE-617
CWE-787
CWE-908
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Cadaver Turso3d
cve-icon MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-01-29T20:03:11.637Z

Reserved: 2026-01-27T08:59:05.366Z

Link: CVE-2026-24826

cve-icon Vulnrichment

Updated: 2026-01-29T20:03:07.081Z

cve-icon NVD

Status : Deferred

Published: 2026-01-27T10:15:49.507

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24826

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T15:00:03Z

Weaknesses