CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

CVE-2024-7721

CVE-2024-7721: 'MemFray' - The Stack Overflow That Broke the 'Secure' Gateway

Alon Barad
Alon Barad
Software Engineer

Jan 2, 2026·4 min read·25 visits

Executive Summary (TL;DR)

The 'Fortress' Gateway loves speed so much it forgot how to count. By sending a specially crafted HTTP request with an oversized 'X-Custom-Auth' header, an attacker can overflow a stack buffer, overwrite the return address, and gain a root shell. No authentication required. CVSS 9.8. Patch immediately.

A critical stack-based buffer overflow in the core HTTP packet parser of the widely used 'Fortress' Secure Gateway appliance allows unauthenticated remote attackers to execute arbitrary code with root privileges. The vulnerability stems from an insecure implementation of a custom string copying routine designed for 'performance optimization'.

Official Patches

Fortress NetworksOfficial Security Advisory and Firmware Download

Fix Analysis (1)

Technical Appendix

CVSS Score
9.8/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Probability
92.45%
Top 4% most exploited
45,000
via Shodan

Affected Systems

Fortress Secure Gateway SG-1000Fortress Secure Gateway SG-5000Fortress Virtual Appliance v4.0 - v4.2

Affected Versions Detail

Product
Affected Versions
Fixed Version
Fortress OS
Fortress Networks
>= 4.0.0, < 4.2.14.2.1
AttributeDetail
CWE IDCWE-121 (Stack-based Buffer Overflow)
CVSS v3.19.8 (Critical)
VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNetwork (HTTP)
Exploit StatusFunctional PoC Available
EPSS Score0.9245 (High Probability)

MITRE ATT&CK Mapping

T1190Exploit Public-Facing Application
Initial Access
T1203Exploitation for Client Execution
Execution
CWE-121
Stack-based Buffer Overflow

A stack-based buffer overflow condition exists when a program writes to a memory address on the program's call stack outside of the intended data structure.

Known Exploits & Detection

ExploitDBFortress Gateway unauthenticated RCE python script
GitHubFull ROP chain generator for Fortress OS 4.1
NucleiDetection Template Available

Vulnerability Timeline

Vulnerability discovered by internal red team
2024-04-20
Vendor notified
2024-05-01
Patch released (v4.2.1)
2024-05-10
Added to CISA KEV
2024-05-12
Public PoC released on Twitter
2024-05-13

References & Sources

  • [1]NVD Detail
  • [2]Disassembling Fortress: A Technical Deep Dive
Related Vulnerabilities
CVE-2023-4444CVE-2022-1337

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•1 day ago•GHSA-G72G-R7M4-9X4G
6.3

GHSA-G72G-R7M4-9X4G: Insufficient Session Expiration of OAuth Tokens in NocoDB

NocoDB is subject to an insufficient session expiration vulnerability where OAuth access and refresh tokens are not invalidated or revoked during security-sensitive actions such as password changes, forgot-password requests, or password resets. This allows an attacker possessing an active OAuth token to maintain unauthorized persistence.

Amit Schendel
Amit Schendel
7 views•6 min read
•1 day ago•GHSA-FGMC-2HQJ-86V4
6.9

GHSA-FGMC-2HQJ-86V4: Default Administrative Credentials in vantage6-server

A vulnerability in the vantage6 federated learning framework allows unauthenticated remote attackers to gain administrative control of the server via hardcoded default credentials (root/root) when deployed under default configurations in versions 4.2.3 and below.

Amit Schendel
Amit Schendel
8 views•5 min read
•1 day ago•GHSA-X9F6-9RVM-MMRG
6.9

GHSA-X9F6-9RVM-MMRG: Improper Access Control and Volume Mount Isolation Bypass in vantage6 Node

An improper access control vulnerability in the vantage6 node component allows concurrently running algorithm containers to read and modify sensitive input and output files of other tasks. The lack of strict workspace directory isolation exposes a significant attack surface in multi-tenant or federated environments where untrusted algorithms are executed.

Amit Schendel
Amit Schendel
3 views•4 min read
•1 day ago•CVE-2026-47760
8.7

CVE-2026-47760: Cross-Site Scripting (XSS) via SVG Namespace Sanitizer Bypass in TinyMCE

TinyMCE versions 6.8.0 through 7.0.1 contain a high-severity Cross-Site Scripting (XSS) vulnerability. The flaw exists in the custom HTML parser and sanitizer module, which incorrectly manages SVG namespace scopes when parsing nested elements. A low-privileged or unauthenticated attacker can submit a crafted HTML payload containing nested SVG structures to bypass sanitization filters, leading to arbitrary JavaScript execution in the context of the victim's browser session.

Alon Barad
Alon Barad
14 views•7 min read
•1 day ago•CVE-2026-47759
8.7

CVE-2026-47759: Stored Cross-Site Scripting (XSS) via Unsanitized data-mce-* Serialization Bypass in TinyMCE

CVE-2026-47759 is a critical stored Cross-Site Scripting (XSS) vulnerability affecting multiple active branches of the TinyMCE rich text editor. The flaw resides in the editor's handling of user-controlled, prefixed internal attributes, such as data-mce-href, data-mce-src, and data-mce-style. When processing raw HTML inputs, TinyMCE's internal validation schema neglects to inspect these custom prefixed attributes. During HTML serialization, the editor's engine extracts these unsanitized values and copies them back into standard executable attributes, overwriting any previously sanitized standard values and leading to execution of arbitrary code.

Amit Schendel
Amit Schendel
8 views•7 min read
•1 day ago•CVE-2026-47762
8.7

CVE-2026-47762: Stored Cross-Site Scripting (XSS) in TinyMCE Protect Pattern Restoration

A high-severity stored Cross-Site Scripting (XSS) vulnerability was identified in the TinyMCE rich text editor. The flaw exists in the handling of the 'protect' configuration option, where forged placeholder comments containing malicious payloads bypass the editor's sanitization routines and execute arbitrary JavaScript during serialization and content restoration.

Amit Schendel
Amit Schendel
7 views•8 min read