Buffer Overflow Vulnerability in Shibby Tomato Router Firmware
CVE-2026-10067

8.7 HIGH

Key Information:

Vendor: Shibby

Status
Vendor
CVE Published: 29 May 2026

What is CVE-2026-10067?

A stack-based buffer overflow vulnerability has been identified in Shibby Tomato Firmware version 1.28, specifically within the function sub_90F0 of the multimon.cgi file. This flaw allows for remote exploitation, meaning that attackers can trigger the vulnerability without local access. The affected firmware version is no longer supported by its maintainer, which increases the risk for users. This vulnerability underscores the importance of updating to supported firmware versions, such as FreshTomato, to ensure ongoing security and protection against potential attacks.

Affected Version(s)

Tomato 1.28

References

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Cormac315 (VulDB User)
VulDB CNA Team