Description
Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.
Published: 2026-01-27
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An out‐of‑bounds write in the ix‑ray_engine 1.6 component allows arbitrary memory corruption and can enable an attacker to execute code or crash the system, therefore compromising confidentiality, integrity and availability.

Affected Systems

The vulnerability impacts ixray‑team’s ix‑ray_engine 1.6 (ixray‑1.6‑stcop). All releases before version 1.3 are affected; the 1.3 release contains the remediation.

Risk and Exploitability

The CVSS score of 9.8 denotes a severe risk. The EPSS rating is below 1 %, indicating a low probability of exploitation in the wild. It is not listed in the CISA KEV catalog. Detailed attack vectors are not provided in the source data, but the nature of the flaw suggests a remote attacker could trigger the out‑of‑bounds write by sending crafted input to the affected module, though no public exploit has been reported.

Generated by OpenCVE AI on April 18, 2026 at 02:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ix‑ray_engine 1.6 to version 1.3 or later, which incorporates the fix showcased in pull request 257.
  • If an upgrade cannot be performed immediately, limit the component to trusted input only and disable any external interfaces that could receive untrusted data.
  • Apply any additional security controls for related components and keep abreast of the vendor’s update channel for further patches.

Generated by OpenCVE AI on April 18, 2026 at 02:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 05 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Ixray-team ix-ray Engine 1.6
CPEs cpe:2.3:a:ixray-team:ix-ray_engine_1.6:*:*:*:*:*:*:*:*
Vendors & Products Ixray-team ix-ray Engine 1.6

Wed, 28 Jan 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Ixray-team
Ixray-team ixray
Vendors & Products Ixray-team
Ixray-team ixray

Tue, 27 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 16:00:00 +0000

Type Values Removed Values Added
Description Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.
Title Out-of-bounds write in ixray-1.6-stcop
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Ixray-team Ix-ray Engine 1.6 Ixray
cve-icon MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-01-27T21:35:28.495Z

Reserved: 2026-01-27T08:59:05.367Z

Link: CVE-2026-24832

cve-icon Vulnrichment

Updated: 2026-01-27T21:07:07.108Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-27T16:16:36.033

Modified: 2026-02-05T17:02:11.277

Link: CVE-2026-24832

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T02:15:05Z

Weaknesses