216.73.216.67

CVE-2026-39929

· Published 28/05/2026 22:16 · Modified 28/05/2026 22:16

Labels: CVE-2026-39929 2026-05-28CVE-2026-39929CWE-125[email protected]

Essential information

Published
28/05/2026 22:16
Modified
28/05/2026 22:16
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can send a malformed packet with an invalid memory address at offset 0x4 in the payload to trigger an access violation and cause a denial of service.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
lakeside / lakeside systack agent cpe:2.3:a:lakeside:lakeside_systack_agent:<11.2.1.28:*:*:*:*:*:*:*
lakeside / lakeside systack agent cpe:2.3:a:lakeside:lakeside_systack_agent:<11.3.0.38:*:*:*:*:*:*:*
lakeside / lakeside systack agent cpe:2.3:a:lakeside:lakeside_systack_agent:<11.4.0.24:*:*:*:*:*:*:*
lakeside / lakeside systack agent cpe:2.3:a:lakeside:lakeside_systack_agent:<11.5.0.15:*:*:*:*:*:*:*

References