CVE-2026-24874 — AI Deep Analysis Summary

🚨 **Essence**: Type confusion in `STALKER-Anomaly-modded-exes` due to incompatible resource access. 💥 **Consequences**: High risk of **Code Execution** or **System Crash**.…

🛡️ **Root Cause**: **CWE-843** (Access of Resource Using Incompatible Type). The engine misinterprets data types when accessing resources, leading to memory corruption or logic errors.…

🎮 **Affected**: `xray-monolith` product by vendor `themrdemonized`. 📅 **Versions**: `STALKER-Anomaly-modded-exes` **before 2025.12.30**. ✅ **Safe**: Versions >= 2025.12.30 are patched.

💀 **Attacker Actions**: Full **Confidentiality** & **Integrity** compromise. 📂 **Privileges**: No authentication required (PR:N). Can likely execute arbitrary code or crash the game engine remotely/locally.…

⚡ **Threshold**: **LOW**. 🌐 **Network**: Attack Vector is Network (AV:N). 🔑 **Auth**: None required (PR:N). 👤 **User Interaction**: None required (UI:N). Easy to exploit if the vulnerable binary is exposed or processed.

🕵️ **Public Exploit**: **No** public PoC listed in data (pocs: []). 🔗 **Reference**: Fix details in GitHub PR #399. ⚠️ **Wild Exploitation**: Unknown, but low barrier suggests potential for future wild exploits.

🔍 **Self-Check**: Verify version number. ❌ **Vulnerable**: Any build dated **before 2025-12-30**. ✅ **Safe**: Build **2025-12-30** or later.…

🩹 **Fixed**: **YES**. 📅 **Patch Date**: 2025.12.30. 🔗 **Source**: GitHub Pull Request #399 by `themrdemonized`. 🔄 **Action**: Update to the latest release immediately.

🚧 **No Patch Workaround**: Isolate the game engine. 🚫 **Block**: Prevent network access to the vulnerable executable if possible. 🛑 **Mitigation**: Do not load untrusted mods or resources until patched.…

🔥 **Urgency**: **HIGH**. 📊 **CVSS**: High severity (C:H, I:H). 🚨 **Priority**: Patch immediately. ⏳ **Risk**: Unauthenticated network access makes this critical for any online or mod-sharing components.…