CVE-2026-5720
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk48th percentile — higher than 48% of all known CVEs
Summary
An integer underflow vulnerability in miniupnpd's SOAPAction header parsing allows remote attackers to cause denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Improper length validation leads to an out-of-bounds memory read.
Risk Assessment
The organization faces denial of service attacks and potential leakage of sensitive data from the miniupnpd process memory, which can disrupt network services and compromise information confidentiality.
Recommendation
Update miniupnpd to a patched version immediately. If unavailable, restrict access to the service to trusted networks only.
Original NVD description (English source)
miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improper length validation in ParseHttpHeaders(), where the parsed length underflows to a large unsigned value when passed to memchr(), causing the process to scan memory far beyond the allocated HTTP request buffer.

