CVE-2026-55490

Source
https://cve.org/CVERecord?id=CVE-2026-55490
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-55490.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-55490
Aliases
  • GHSA-9558-77jp-g3fw
Published
2026-07-07T21:08:26.638Z
Modified
2026-07-10T03:54:30.146440314Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
OpenWrt: EAD Integer Underflow → Pre-Auth Denial of Service
Details

OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handlesenda() of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows before a bounds check and is then passed to memcpy as a very large size. This issue is fixed v25.12.5.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55490.json",
    "cwe_ids": [
        "CWE-191"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/openwrt/openwrt

Affected ranges

Type
GIT
Repo
https://github.com/openwrt/openwrt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "25.12.5"
        }
    ]
}

Affected versions

Other
reboot
v25.*
v25.12.0
v25.12.0-rc1
v25.12.0-rc2
v25.12.0-rc3
v25.12.0-rc4
v25.12.0-rc5
v25.12.1
v25.12.2
v25.12.3
v25.12.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-55490.json"