CVE-2026-41682

UNKNOWN 0.0

pupnp: Port truncation via atoi() cast in parse_uri() allows SSRF port confusion

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SRRF port confusion due to port truncation via atoi() cast in parse_uri(). This issue has been patched in version 1.18.5.

CWE	CWE-195 CWE-918
Vendor	pupnp
Product	pupnp
Published	May 8, 2026

Stay Ahead of the Next One

Get instant alerts for pupnp pupnp

Be the first to know when new unknown vulnerabilities affecting pupnp pupnp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

pupnp / pupnp

< 1.18.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/pupnp/pupnp/security/advisories/GHSA-q522-6w45-4j58 github.com: https://github.com/pupnp/pupnp/commit/def5f9a2bc42f5b3d713e37c516fbe840ce54b7b github.com: https://github.com/pupnp/pupnp/releases/tag/release-1.18.5