HIGH
Lakeside Software, LLC.
CVE published 2026-05-28
CVE-2026-39929
Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, and 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler. A remote attacker can crash the application by sending a specially crafted UDP packet containing an invalid memory address at offset 0x4 in the payload, triggering an access violation and causing denial of service. The vulnerability w [truncated]