CVE Catalog

CVE-2026-5720

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.67%

48th percentile — higher than 48% of all known CVEs

Summary

An integer underflow vulnerability in miniupnpd's SOAPAction header parsing allows remote attackers to cause denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Improper length validation leads to an out-of-bounds memory read.

Risk Assessment

The organization faces denial of service attacks and potential leakage of sensitive data from the miniupnpd process memory, which can disrupt network services and compromise information confidentiality.

Recommendation

Update miniupnpd to a patched version immediately. If unavailable, restrict access to the service to trusted networks only.

Original NVD description (English source)

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improper length validation in ParseHttpHeaders(), where the parsed length underflows to a large unsigned value when passed to memchr(), causing the process to scan memory far beyond the allocated HTTP request buffer.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS