CVE-2026-7426

Summary

Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid length, resulting in a heap buffer overflow. Users processing IPv4 RA only are not impacted.

To mitigate this issue, users should upgrade to the fixed version when available.

Affected Software

VendorProductVersion RangeStatus
AWSFreeRTOS-Plus-TCP4.0.0 < 4.2.6affected
AWSFreeRTOS-Plus-TCP4.3.0 < 4.4.1affected
AWSFreeRTOS-Plus-TCP4.2.6unaffected
AWSFreeRTOS-Plus-TCP4.4.1unaffected

Weaknesses

  • CWE-787: CWE-787: Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References