CVE-2026-0793

Critical

Published: 23 January 2026

Published

23 January 2026

Modified

18 February 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0068 71.6th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability.…

The specific flaw exists within the InformaCast functionality. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28302.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses the lack of validation of user-supplied data length before copying to heap buffers, preventing the buffer overflow exploited in this CVE.

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and correction of flaws like this heap-based buffer overflow, eliminating the vulnerability through patching or updates.

SI-16 Memory Protection good match

prevent

Implements memory safeguards such as non-executable heap memory and address space randomization to block arbitrary code execution from heap buffer overflows.

Security SummaryAI

CVE-2026-0793 is a heap-based buffer overflow vulnerability in the InformaCast functionality of ALGO 8180 IP Audio Alerter devices. The flaw stems from insufficient validation of the length of user-supplied data before it is copied into a heap-based buffer, enabling remote code execution. Affected installations include the ALGO 8180 IP Audio Alerter, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), mapped to CWEs-122 (Heap-based Buffer Overflow) and CWE-787 (Out-of-bounds Write).

Remote attackers can exploit this vulnerability without authentication by sending specially crafted data to the device over the network. Successful exploitation allows arbitrary code execution in the context of the device, potentially granting full control over the IP audio alerter.

The Zero Day Initiative published advisory ZDI-26-015 detailing the vulnerability, originally tracked as ZDI-CAN-28302. No specific patch or mitigation details are provided in the available information.

Details

CWE(s): CWE-122 CWE-787

Affected Products

algosolutions

8180 ip audio alerter firmware

5.5

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability enables unauthenticated remote code execution via a heap-based buffer overflow in a network-facing service (InformaCast on ALGO 8180 device), directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://www.zerodayinitiative.com/advisories/ZDI-26-015/
Third Party Advisory · zdi-disclosures@trendmicro.com