๐Ÿ” CVE Alert

CVE-2026-55490

MEDIUM 6.5

OpenWrt: EAD Integer Underflow โ†’ Pre-Auth Denial of Service

CVSS Score
6.5
EPSS Score
0.6%
EPSS Percentile
47th

OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handle_send_a() of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows before a bounds check and is then passed to memcpy as a very large size. This issue is fixed v25.12.5.

CWE CWE-191
Vendor openwrt
Product openwrt
Published Jul 7, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for openwrt openwrt

Be the first to know when new medium vulnerabilities affecting openwrt openwrt are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Affected Versions

openwrt / openwrt
< 25.12.5

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/openwrt/openwrt/security/advisories/GHSA-9558-77jp-g3fw github.com: https://github.com/openwrt/openwrt/commit/63c0767f3d02f7b10b0f0b5293366bd059a08ca5 github.com: https://github.com/openwrt/openwrt/releases/tag/v25.12.5