CVE-2026-56099

MEDIUM 5.3

OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPLS Input

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set.

CWE	CWE-125
Vendor	openbsd
Product	src
Published	Jun 18, 2026

Stay Ahead of the Next One

Get instant alerts for openbsd src

Be the first to know when new medium vulnerabilities affecting openbsd src are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected Versions

openbsd / src

0 < 6a23123ec05f1eb29cfcaae0f3a468b2e1983cfd

References

NVD ↗ CVE.org ↗ EPSS Data ↗

pop.argus-systems.ai: https://pop.argus-systems.ai/advisory/adv-040.html github.com: https://github.com/openbsd/src/commit/6a23123ec05f1eb29cfcaae0f3a468b2e1983cfd vulncheck.com: https://www.vulncheck.com/advisories/openbsd-mpls-do-error-kernel-stack-memory-disclosure-via-mpls-input

Credits

Argus Systems