CVE-2026-7426 - Vulnerability Analysis
High | CVSS: 8.1 | Last Updated: April 29, 2026
FreeRTOS-Plus-TCP - Buffer Overflow
Published: April 29, 2026 | Updated: April 29, 2026
Overview
FreeRTOS-Plus-TCP < V4.2.6 and < V4.4.1 contains a heap buffer overflow caused by insufficient validation of the prefix length field in IPv6 Router Advertisement processing. An attacker on the adjacent network can use it to cause memory corruption; exploitation requires adjacency to the network.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Adjacent attackers can cause memory corruption via heap buffer overflow, potentially leading to denial of service or code execution.
Mitigation
Upgrade to version V4.2.6 or V4.4.1 or later.
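For code that handles Router Advertisements outside the patched stack, the check the Overview describes can be sketched as follows. This is an added example, not FreeRTOS-Plus-TCP code or its fix: the function and type names are hypothetical, and the option layout assumed is the Prefix Information option from RFC 4861 (32 bytes, prefix length at offset 2, prefix at offset 16).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ND_OPT_PREFIX_INFO  3u    /* RFC 4861 option type */
#define ND_OPT_PREFIX_SIZE  32u   /* fixed option size in bytes (Length field = 4) */
#define IPV6_ADDR_BITS      128u

typedef struct {                  /* hypothetical result type for this example */
    uint8_t prefix[16];
    uint8_t prefix_bits;
} ra_prefix_t;

/* Parse one Prefix Information option from the remaining RA option bytes.
 * Returns 0 on success, -1 if the option is malformed and must be dropped. */
int parse_prefix_option(const uint8_t *opt, size_t remaining, ra_prefix_t *out)
{
    if (opt == NULL || out == NULL || remaining < ND_OPT_PREFIX_SIZE)
        return -1;                /* truncated: never read past the packet */
    if (opt[0] != ND_OPT_PREFIX_INFO || opt[1] != 4u)
        return -1;                /* wrong type, or Length not 4 x 8 octets */

    uint8_t bits = opt[2];
    /* The prefix length comes from the wire; bound it before it sizes any copy. */
    if (bits > IPV6_ADDR_BITS)
        return -1;

    size_t whole = bits / 8u;     /* at most 16 after the check above */
    uint8_t rem = bits % 8u;
    memset(out->prefix, 0, sizeof out->prefix);
    memcpy(out->prefix, &opt[16], whole);
    if (rem != 0u)                /* whole <= 15 here, so the index is in range */
        out->prefix[whole] = opt[16 + whole] & (uint8_t)(0xFFu << (8u - rem));
    out->prefix_bits = bits;
    return 0;
}

int main(void)
{
    /* Constructed sample option: type 3, length 4, /64, prefix 2001:db8::/64 */
    uint8_t opt[32] = { 3, 4, 64, 0xC0 };
    opt[16] = 0x20; opt[17] = 0x01; opt[18] = 0x0d; opt[19] = 0xb8;
    ra_prefix_t p;
    printf("len 64  -> %d\n", parse_prefix_option(opt, sizeof opt, &p));
    opt[2] = 200;                 /* out-of-range prefix length is rejected */
    printf("len 200 -> %d\n", parse_prefix_option(opt, sizeof opt, &p));
    return 0;
}
```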
Details
- CVE ID: CVE-2026-7426
- Severity: High
- CVSS Score: 8.1
- Type: buffer_overflow
- Status: new
CWE
- CWE-787
CVSS Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H