CVE-2026-24819
CVE-2026-24819 is a medium-severity vulnerability with a CVSS 4.0 base score of 6.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-1325.
Key facts
- Severity: Medium (CVSS 4.0 base score 6.3)
- EPSS exploit prediction: 0% (35th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-4799
- Weakness: CWE-1325
- Published:
- Last modified:
Description
Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j (weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules). This vulnerability is associated with program files CharArrayBuffer.Java, ClassUtil.Java. This issue affects weixin4j.
Frequently asked questions
- What is CVE-2026-24819?
- Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j (weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules). This vulnerability is associated with program files CharArrayBuffer.Java, ClassUtil.Java. This issue affects weixin4j.
- How severe is CVE-2026-24819?
- CVE-2026-24819 has a CVSS 4.0 base score of 6.3, rated medium severity.
- Is CVE-2026-24819 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (35th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2026-24819?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2026-24819 have an EU (EUVD) identifier?
- Yes. CVE-2026-24819 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-4799.
- When was CVE-2026-24819 published?
- CVE-2026-24819 was published on 2026-01-27 and last updated on 2026-06-17.
References
Other CWE-1325 vulnerabilities
- CVE-2024-27796 — High (CVSS 7.8): The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS…
- CVE-2026-34183 — High (CVSS 7.5): Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing…
- CVE-2025-2240 — High (CVSS 7.5): A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This…
- CVE-2026-8199 — Medium (CVSS 6.5): An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet,…
- CVE-2024-2511 — Medium (CVSS 5.9): Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3…
- CVE-2026-6869 — Medium (CVSS 5.5): WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service