[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-40572":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-18T02:14:07.519Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":32,"aliases":33,"duplicate_of":9,"upstream":34,"downstream":35,"duplicates":36,"related":37,"reserved_at":9,"published_at":38,"modified_at":38,"state":39,"summary":40,"references_raw":47,"kevs":59,"epss":9,"epss_history":60,"metrics":61,"affected":69},"CVE-2026-40572","NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user-mode processes to map arbitrary virtual address ranges into their address space without validating against forbidden regions, including critical kernel structures such as the IDT, GDT, TSS, and page tables. A local attacker can exploit this to modify kernel interrupt handlers, resulting in privilege escalation from user mode to kernel context. This issue has been fixed in version 0.24.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-269","Improper Privilege Management","The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.","weakness","Draft","Class","Medium",[20,24,28],{"id":21,"name":22,"techniques":23},"CAPEC-122","Privilege Abuse",[],{"id":25,"name":26,"techniques":27},"CAPEC-233","Privilege Escalation",[],{"id":29,"name":30,"techniques":31},"CAPEC-58","Restful Privilege Elevation",[],[],[],[],[],[],[],"2026-04-18T00:16:02.590Z","Received",{"cisa_kev":41,"cisa_ransomware":41,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":42,"severity_score":43,"severity_version":44,"severity_source":45,"severity_vector":46,"severity_status":39},false,"critical",9,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",[48,54],{"url":49,"sources":50,"tags":52},"https://github.com/MinecAnton209/NovumOS/security/advisories/GHSA-rg7m-6vh7-f4v2",[45,51],"nvd",[53],"X Refsource CONFIRM",{"url":55,"sources":56,"tags":57},"https://github.com/MinecAnton209/NovumOS/releases/tag/v0.24",[45,51],[58],"X Refsource MISC",[],[],[62,67],{"source":45,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":63,"cvss_v4_0":9},{"baseScore":43,"baseSeverity":64,"vectorString":46,"impactScore":65,"exploitabilityScore":66},"CRITICAL",9.7,6.4,{"source":51,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":68,"cvss_v4_0":9},{"baseScore":43,"baseSeverity":64,"vectorString":46,"impactScore":65,"exploitabilityScore":66},[70],{"ecosystem":9,"name":71,"vendor":72,"product":73,"cpe_part":74,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":75},"NovumOS","minecanton209","novumos","a",[76],{"version":77,"is_range":78,"range_type":45,"version_start":9,"version_start_type":9,"version_end":79,"version_end_type":80,"fixed_in":9},"\u003C 0.24",true,"0.24","excluding"]