CVE-2026-33250 (CVSS 7.5) is a stack-based buffer overflow in Freeciv21 prior to version 3.1.1 affecting both server and client attack surfaces: unauthenticated attackers can crash public game servers, and malicious servers can crash connecting game clients. While this is gaming software with limited enterprise footprint, organizations hosting public Freeciv21 servers or permitting staff to connect to external instances face availability and client-side crash risk. Actions: upgrade to Freeciv21 3.1.1, restrict inbound connections to Freeciv21 default port (TCP 5556) to authorized IP ranges, and audit managed endpoints for the presence of pre-3.1.1 installations.