Critical severityOSV Advisory· Published Jan 27, 2026· Updated Apr 15, 2026

CVE-2026-24798

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine (prog/3rdPartyLibs/miniupnpc modules). This vulnerability is associated with program files upnpreplyparse.C.

This issue affects DagorEngine: through dagor_2025_01_15.

Affected products

GaijinEntertainment/DagorengineOSV
Range: dagor_2023_09_15, dagor_2023_10_22, dagor_2023_10_31, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/GaijinEntertainment/DagorEngine/pull/136nvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000