CVE-2026-1681
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk1th percentile - higher than 1% of all known CVEs
Summary
A vulnerability in the operating system allows a stack overflow by sending an ICMP ping to the device's own IPv4 address using the `net ping` command. This causes recursive processing of the packet in the network stack, leading to a stack overflow in the system work-queue stack.
Risk Assessment
An attacker can exploit this vulnerability to cause a system crash (DoS) by sending a specially crafted ping to the local device address.
Recommendation
It is recommended to immediately update the system to a version containing a fix for this vulnerability. Until the update is applied, restrict the ability to execute the `net ping` command for unauthorized users.
Original NVD description (English source)
Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are processed inline before the current frame returns. The nested input-path frames exceed the work-queue stack and trigger a stack overflow.

