CVE-2026-39929 | Lakeside SysTrack Agent prior 11.2.1.28/11.3.0.38/11.4.0.24/11.5.0.15 out-of-bounds

Lakeside SysTrack Agent contains an out-of-bounds read vulnerability (CVE-2026-39929) in the Command ID 30 UDP packet handler that allows remote attackers to cause an application crash/denial of service by sending a specially crafted UDP packet; affected versions are prior to 11.2.1.28, 11.3.0.38, 11.4.0.24 and 11.5.0.15 and the vendor recommends upgrading to the listed fixed versions. The advisory attributes discovery to Austin A. Defrancesco, notes exploitation is straightforward in concept but no public exploit or technical details are available, and the primary impact is availability (DoS).