🔐 CVE Alert

CVE-2026-14461

UNKNOWN 0.0

Out-of-bound read in mtr

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME field. ipinfo_lookup() function uses the length of the response as the end-of-message boundary for dn_expand() function. The result is a reliable crash. This issue exists in the mtr through version 0.96 and it was fixed in commit 48e1794414d338ce47abc0f27c25ade8788af9c3.

CWE CWE-125
Vendor bitwizard
Product mtr
Published Jul 10, 2026
Last Updated Jul 10, 2026
Stay Ahead of the Next One

Get instant alerts for bitwizard mtr

Be the first to know when new unknown vulnerabilities affecting bitwizard mtr are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

BitWizard / mtr
0 ≤ 0.96

References

NVD ↗ CVE.org ↗ EPSS Data ↗
cert.pl: https://cert.pl/en/posts/2026/07/CVE-2026-14461 github.com: https://github.com/traviscross/mtr/commit/48e1794414d338ce47abc0f27c25ade8788af9c3

Credits

Michał Majchrowicz (AFINE Team) Marcin Wyczechowski (AFINE Team)