CVE-2026-33666: Zserio BitStreamReader Overflow Bypasses Bounds Check


The National Vulnerability Database has detailed CVE-2026-33666, a high-severity vulnerability (CVSS 7.5) in Zserio, a data serialization framework. Prior to version 2.18.1, the setBitPosition() bounds check in BitStreamReader.h’s readBytes() and readString() functions is bypassed due to an integer overflow. This allows the code to attempt reading up to 512 MB from a buffer that is only a few bytes long, leading to a segmentation fault.
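The bug class described above is easiest to see in a reduced model. The following is an added illustration written for this page, not Zserio's code and not the actual patch: a bit-stream reader that validates a read request by adding the request length to the current position, beside a hardened check that compares against the remaining space instead. The BitBuffer type, the function names and the 8-byte buffer are constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>

// Hypothetical, simplified model of a bit-stream reader (NOT Zserio's code).
// It exists only to show why an additive bounds check can be bypassed when
// the addition wraps, and how a subtraction-based check avoids that.

struct BitBuffer {
    std::size_t bitSize;   // total bits available; the examples below use 64 bits (8 bytes)
};

// Naive check, modelled on the bug class: pos + numBits is computed in an
// unsigned type, so a huge numBits wraps to a small value and the check passes.
bool naiveCheckPassed(const BitBuffer& buf, std::size_t pos, std::size_t numBits) {
    std::size_t newPos = pos + numBits;   // may wrap around to a small value
    return newPos <= buf.bitSize;
}

// Hardened check: guard the position first, then compare the request against
// the space that remains. No arithmetic on the request length can wrap.
bool safeCheckPassed(const BitBuffer& buf, std::size_t pos, std::size_t numBits) {
    if (pos > buf.bitSize) {
        return false;                     // position already past the end
    }
    return numBits <= buf.bitSize - pos;  // subtraction cannot underflow after the guard
}

// Byte-oriented reads (as in a readBytes-style helper) add a second wrap site:
// numBytes * 8 can itself overflow before it ever reaches the bounds check.
bool naiveReadBytesCheck(const BitBuffer& buf, std::size_t pos, std::size_t numBytes) {
    return naiveCheckPassed(buf, pos, numBytes * 8);   // multiplication may wrap to 0
}

// Hardened byte check: divide the remaining space instead of multiplying the
// request, so the comparison is performed on values that cannot wrap.
bool safeReadBytesCheck(const BitBuffer& buf, std::size_t pos, std::size_t numBytes) {
    if (pos > buf.bitSize) {
        return false;
    }
    std::size_t remainingBits = buf.bitSize - pos;
    return numBytes <= remainingBits / 8;
}

int main() {
    const BitBuffer buf{64};                          // constructed: an 8-byte buffer
    const std::size_t hugeBits = std::numeric_limits<std::size_t>::max() - 4;
    // At position 8, hugeBits wraps to 3 in the naive check and is accepted;
    // the hardened check rejects it because 3 bits of wrap are not 56 bits of room.
    return (naiveCheckPassed(buf, 8, hugeBits) && !safeCheckPassed(buf, 8, hugeBits)) ? 0 : 1;
}
```

The hardened forms are the general fix for this class: never validate a length by adding it to a position; validate it against the distance to the end. Compilers that provide overflow-checking intrinsics (for example `__builtin_add_overflow` on GCC and Clang) offer an equivalent defence when the additive form must be kept.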

This is a critical flaw that can lead to denial-of-service, disrupting applications reliant on Zserio for data serialization. The attacker’s calculus here is straightforward: exploit an easily triggered bug to crash services. While the CVSS vector indicates no impact on confidentiality or integrity, a reliable DoS can still be a significant operational hurdle, especially for critical infrastructure or high-availability systems.

Defenders need to treat this as an immediate patching priority. The fix is available in Zserio version 2.18.1. Any systems or applications leveraging Zserio must be updated to mitigate the risk of service disruption. This isn’t theoretical; integer overflows bypassing bounds checks are a classic vulnerability class that consistently gets exploited.

What This Means For You

  • If your organization utilizes Zserio for data serialization in any application, you need to identify all instances and patch them to version 2.18.1 or later immediately. A segmentation fault from this vulnerability can lead to critical service outages. Prioritize systems where Zserio handles untrusted input.

Related ATT&CK Techniques: T1190 Exploit Public-Facing Application (Initial Access), as mapped by the detection rule below.

Detection Rules

Three detection rules were auto-generated for this advisory and mapped to MITRE ATT&CK; the first is reproduced below as Sigma YAML.

Severity: critical · ATT&CK: T1190 (Initial Access)

Sigma YAML
title: CVE-2026-33666: Zserio BitStreamReader readBytes Overflow Attempt
id: scw-2026-04-24-ai-1
status: experimental
level: critical
description: |
  Detects the execution of Zserio-related processes whose command line references both the vulnerable readBytes function in BitStreamReader.h and setBitPosition, which is a direct indicator of an attempt to exploit CVE-2026-33666. The overflow in setBitPosition bypasses bounds checks, leading to a segmentation fault when reading an excessive amount of data from a small buffer.
author: SCW Feed Engine (AI-generated)
date: 2026-04-24
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-33666/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: process_creation
detection:
  selection:
    Image|contains: 'zserio'
    # both substrings are required; a single key repeated twice in YAML
    # would silently keep only the last value
    CommandLine|contains|all:
      - 'readBytes'
      - 'setBitPosition'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World

Indicators of Compromise

ID | Type | Indicator
CVE-2026-33666 | Buffer Overflow | Zserio framework versions prior to 2.18.1
CVE-2026-33666 | Memory Corruption | Zserio BitStreamReader.h readBytes() function
CVE-2026-33666 | Memory Corruption | Zserio BitStreamReader.h readString() function
CVE-2026-33666 | DoS | Segmentation fault due to bypassed setBitPosition() bounds check in Zserio

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 24, 2026 at 22:17 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
