{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4749", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T05:35:07.565Z", "datePublished": "2026-03-24T05:35:36.711Z", "dateUpdated": "2026-03-24T14:31:56.424Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:35:36.711Z"}, "title": "NVD-CWE-noinfo in albfan miraclecast", "problemTypes": [{"descriptions": [{"lang": "en", "description": "NVD-CWE-noinfo NVD-CWE-noinfo", "type": "CWE"}]}], "affected": [{"vendor": "albfan", "product": "miraclecast", "collectionURL": "https://github.com/albfan/miraclecast", "versions": [{"status": "affected", "version": "0", "lessThan": "v1.0", "versionType": "git"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue affects miraclecast: before v1.0.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "NVD-CWE-noinfo vulnerability in albfan miraclecast.<p>This issue affects miraclecast: before v1.0.</p>"}]}], "references": [{"url": "https://github.com/albfan/miraclecast/pull/555", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "credits": [{"lang": "en", "value": "TITAN Team ([email protected])", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:31:49.134429Z", "id": "CVE-2026-4749", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:31:56.424Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4749", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T14:31:49.134429Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:31:53.105Z"}}], "cna": {"title": "NVD-CWE-noinfo in albfan miraclecast", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team ([email protected])"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "albfan", "product": "miraclecast", "versions": [{"status": "affected", "version": "0", "lessThan": "v1.0", "versionType": "git"}], "collectionURL": "https://github.com/albfan/miraclecast", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/albfan/miraclecast/pull/555", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue affects miraclecast: before v1.0.", "supportingMedia": [{"type": "text/html", "value": "NVD-CWE-noinfo vulnerability in albfan miraclecast.<p>This issue affects miraclecast: before v1.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "NVD-CWE-noinfo NVD-CWE-noinfo"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:35:36.711Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4749", "state": "PUBLISHED", "dateUpdated": "2026-03-24T14:31:56.424Z", "dateReserved": "2026-03-24T05:35:07.565Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-03-24T05:35:36.711Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue affects miraclecast: before v1.0."}], "id": "CVE-2026-4749", "lastModified": "2026-03-24T15:53:48.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-03-24T06:16:23.120", "references": [{"source": "[email protected]", "url": "https://github.com/albfan/miraclecast/pull/555"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,v1.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "miraclecast", "source": "cna", "vendor": "albfan"}, "product": "miraclecast", "vendor": "albfan"}], "analysis": {"en": {"generated_at": "2026-03-27T10:38:25.172411+00:00", "value": {"mitigation_remediation": ["Update miraclecast to version 1.0 or later", "If an update is unavailable, implement input sanitization and rendering safeguards to prevent script execution", "Monitor application logs for suspicious input patterns and alert on potential XSS attempts"], "summary": {"action": "Immediate Patch", "impact": "Cross\u2011site scripting vulnerability allowing malicious script execution in client browsers"}, "threat_synthesis": {"affected_systems": "The affected product is miraclecast by albfan. Versions prior to 1.0 are vulnerable; no more specific version numbers are provided.", "description_and_impact": "The vulnerability permits attackers to inject malicious scripts via user input, potentially defacing content, hijacking sessions, or stealing credentials. This cross\u2011site scripting flaw is identified by CWE\u201179 and may be leveraged if unfiltered user data is rendered to browsers.", "risk_and_exploitability": "The CVSS score of 6.5 denotes moderate severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in the KEV catalog. Exploitation would require an attacker to supply crafted input that is rendered client\u2011side, suggesting an external attack vector but limited to users interacting with the application."}}}}, "created": "2026-03-24T10:29:00.123374+00:00", "title": "Cross\u2011site scripting vulnerability in miraclecast before v1.0", "updated": "2026-03-27T15:48:12.442158+00:00", "vendors": ["albfan", "albfan$PRODUCT$miraclecast"]}