CVE-2026-3437 CRITICAL

CVE-2026-3437: Improper Restriction of Operations within the Bounds of a Memory Buffer in Portwell Engineering Toolkits

Vendor Portwell
Product Portwell Engineering Toolkits
Weakness CWE-119
Published March 3, 2026
Last update March 3, 2026

CVSS base score

9.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulnerability could result in escalation of privileges or cause a denial-of-service condition.

Key dates

02Disclosure timeline

March 3, 2026 CVE published
March 3, 2026 Record updated