{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-12192: GALAYOU Y4 Web Server buffer overflow","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-12192","status":"final","version":"1","initial_release_date":"2026-06-14T23:15:09.375Z","current_release_date":"2026-06-14T23:15:09.375Z","revision_history":[{"date":"2026-06-14T23:15:09.375Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-12192 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-12192"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-12192"},{"category":"external","summary":"VDB-370838 | GALAYOU Y4 Web Server buffer overflow","url":"https://vuldb.com/vuln/370838"},{"category":"external","summary":"VDB-370838 | CTI Indicators (IOB, IOC)","url":"https://vuldb.com/vuln/370838/cti"},{"category":"external","summary":"CVE-2026-12192 | CVE Analysis and Report","url":"https://vuldb.com/cve/CVE-2026-12192"},{"category":"external","summary":"Submit #825801 | Galayou Y4 V1.0.0 Buffer Overflow","url":"https://vuldb.com/submit/825801"}]},"product_tree":{"branches":[{"category":"vendor","name":"GALAYOU","branches":[{"category":"product_name","name":"Y4","branches":[{"category":"product_version","name":"1.0.0","product":{"name":"GALAYOU Y4 1.0.0","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:galayou:y4:1.0.0:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-12192","title":"GALAYOU Y4 Web Server buffer overflow","notes":[{"category":"description","text":"A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1"]},"scores":[{"cvss_v4":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","baseScore":8.7,"baseSeverity":"HIGH"},"products":["CSAFPID-1"]}],"remediations":[{"category":"none_available","details":"No fixed version is published yet. Monitor the upstream advisory.","product_ids":["CSAFPID-1"]}]}]}