{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4750", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T05:36:24.851Z", "datePublished": "2026-03-24T05:36:44.407Z", "dateUpdated": "2026-03-24T14:31:31.027Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:36:44.407Z"}, "title": "Out-of-bounds Read in fabiangreffrath woof", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "type": "CWE"}]}], "affected": [{"vendor": "fabiangreffrath", "product": "woof", "collectionURL": "https://github.com/fabiangreffrath/woof", "versions": [{"status": "affected", "version": "0", "lessThan": "woof_15.3.0", "versionType": "git"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue affects woof: before woof_15.3.0.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Out-of-bounds Read vulnerability in fabiangreffrath woof.<p>This issue affects woof: before woof_15.3.0.</p>"}]}], "references": [{"url": "https://github.com/fabiangreffrath/woof/pull/2521", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}}], "credits": [{"lang": "en", "value": "TITAN Team (titancaproject@gmail.com)", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:31:23.278152Z", "id": "CVE-2026-4750", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:31:31.027Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4750", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T14:31:23.278152Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:31:27.649Z"}}], "cna": {"title": "Out-of-bounds Read in fabiangreffrath woof", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "fabiangreffrath", "product": "woof", "versions": [{"status": "affected", "version": "0", "lessThan": "woof_15.3.0", "versionType": "git"}], "collectionURL": "https://github.com/fabiangreffrath/woof", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/fabiangreffrath/woof/pull/2521", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue affects woof: before woof_15.3.0.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds Read vulnerability in fabiangreffrath woof.<p>This issue affects woof: before woof_15.3.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:36:44.407Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4750", "state": "PUBLISHED", "dateUpdated": "2026-03-24T14:31:31.027Z", "dateReserved": "2026-03-24T05:36:24.851Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-03-24T05:36:44.407Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue affects woof: before woof_15.3.0."}], "id": "CVE-2026-4750", "lastModified": "2026-03-24T15:53:48.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-03-24T06:16:23.260", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/fabiangreffrath/woof/pull/2521"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,woof_15.3.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "woof", "source": "cna", "vendor": "fabiangreffrath"}, "product": "woof", "vendor": "fabiangreffrath"}], "analysis": {"en": {"generated_at": "2026-03-24T07:24:41.132631+00:00", "value": {"mitigation_remediation": ["Upgrade woof to version 15.3.0 or later as soon as possible.", "Check the fabiangreffrath project page or related advisories for any patches or updates.", "If upgrading is delayed, add input validation or boundary checks around the use of woof to prevent the out\u2011of\u2011bounds read from occurring."], "summary": {"action": "Immediate Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The issue affects all releases of fabiangreffrath:woof prior to the 15.3.0 version. There is no narrower version scope given, so any deployment using a version older than 15.3.0 is considered vulnerable.", "description_and_impact": "An out-of-bounds read vulnerability has been identified in the software component woof provided by fabiangreffrath. The flaw allows code within the application to read data beyond the bounds of a designated buffer, potentially exposing sensitive or private information to an attacker. The vulnerability is scored at 9.1 under CVSS, indicating a severe risk of exploitation, and although no explicit exploitation method is disclosed, the high score suggests that an attacker could leverage the flaw to obtain confidential data or possibly gain a foothold for higher\u2011level attacks.", "risk_and_exploitability": "The CVSS score of 9.1 reflects a high attack impact. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, so current exploitation activity is unknown. The likely path to exploitation involves providing crafted input to woof that triggers the out\u2011of\u2011bounds read, indicating a high likelihood of attack if the attacker can exercise control over the input or code path. In absence of publicly available exploits, the risk remains theoretical but potentially significant due to the severity rating."}}}}, "created": "2026-03-24T10:28:59.273913+00:00", "updated": "2026-03-25T20:40:03.996234+00:00", "vendors": ["fabiangreffrath", "fabiangreffrath$PRODUCT$woof"]}