๐Ÿ” CVE Alert

CVE-2026-16095

HIGH 8.8

Shibby Tomato rc setup_conntrack out-of-bounds write

CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th

A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affected by this issue is the function setup_conntrack of the file /sbin/rc. Executing a manipulation of the argument ct_tcp_timeout can lead to out-of-bounds write. The attack may be performed from remote. This project is superseded by FreshTomato.

CWE CWE-787 CWE-119
Vendor shibby
Product tomato
Published Jul 18, 2026
Stay Ahead of the Next One

Get instant alerts for shibby tomato

Be the first to know when new high vulnerabilities affecting shibby tomato are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Shibby / Tomato
1.28 RT-N5x MIPSR2 Build 124

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/379799 vuldb.com: https://vuldb.com/vuln/379799/cti vuldb.com: https://vuldb.com/cve/CVE-2026-16095 vuldb.com: https://vuldb.com/submit/855123 gitee.com: https://gitee.com/Fengyi-Wang/CVE/issues/IJTQ5S

Credits

๐Ÿ” Cormac315 (VulDB User) VulDB CNA Team