CVE-2026-24874 CRITICAL

CVE-2026-24874: Type confusion in xray-monolith

Vendor Themrdemonized
Product xray-monolith
Weakness CWE-843
Published January 27, 2026
Last update January 27, 2026

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in themrdemonized xray-monolith.This issue affects xray-monolith: before 2025.12.30.

Key dates

02Disclosure timeline

January 27, 2026 CVE published
January 27, 2026 Record updated