CVE-2026-12192 | A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted… | CVSS 8.8 HIGH

Description

A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Metadata

CVE ID: CVE-2026-12192
State: PUBLISHED
Assigner: VulDB
Reserved: 2026-06-14 06:47 UTC
Published: 2026-06-14 23:15 UTC
Last updated: 2026-06-14 23:15 UTC
Primary CWE: CWE-120
Buffer Overflow
Vendor / Product: GALAYOU / Y4
Sources: cve.org · NVD

Severity & Metrics

8.8 HIGH CVSS 3.1

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Affected products (1)

Vendor	Product	Platform	Versions
GALAYOU	Y4	—	1.0.0

Weakness (CWE)

CWE	Source	Description
CWE-119	cna	Memory Corruption
CWE-120	cna	Buffer Overflow

CVSS scores (4)

Score	Severity	Version	Source	Vector
8.8	HIGH	3.1	cna	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
8.8	HIGH	3.0	cna	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
8.7	HIGH	4.0	cna	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
8.3	N/D	2.0	cna	AV:A/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR

References (4)

VDB-370838 | GALAYOU Y4 Web Server buffer overflow https://vuldb.com/vuln/370838
VDB-370838 | CTI Indicators (IOB, IOC) https://vuldb.com/vuln/370838/cti
CVE-2026-12192 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-12192
Submit #825801 | Galayou Y4 V1.0.0 Buffer Overflow https://vuldb.com/submit/825801