Resource Consumption Vulnerability in Shibby Tomato Firmware by Tomato
CVE-2026-10069

8.7HIGH

Key Information:

Vendor

Shibby

Status
Tomato
Vendor
CVE Published:
29 May 2026

What is CVE-2026-10069?

A vulnerability exists within the Shibby Tomato firmware 1.28, specifically affecting the miniupnpd service, leading to potential resource exhaustion. This issue can be exploited remotely, enabling attackers to consume system resources adversely. Notably, the Shibby Tomato project is no longer maintained, emphasizing the importance of migrating to supported firmware versions like FreshTomato to mitigate such vulnerabilities.

Affected Version(s)

Tomato 1.28

References

https://vuldb.com/vuln/367155
vdb-entry
https://vuldb.com/vuln/367155/cti
signaturepermissions-required
https://vuldb.com/submit/818238
third-party-advisory

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB Gitee Analyzer
VulDB CNA Team
.