Stack-Based Buffer Overflow Vulnerability in Shibby Tomato Router Firmware
CVE-2026-16096

8.7HIGH

Key Information:

Vendor

Shibby

Status
Vendor
CVE Published:
18 July 2026

What is CVE-2026-16096?

A stack-based buffer overflow vulnerability exists in the Shibby Tomato firmware, specifically within the function sub_40BB50 in the /proc/webmon_recent_domains file. This allows an attacker to exploit the vulnerability remotely, potentially compromising the device's integrity. Users of affected versions should take immediate action to secure their systems to prevent exploitation.

Affected Version(s)

Tomato 1.28 RT-N5x MIPSR2 Build 124

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Cormac315 (VulDB User)
VulDB CNA Team
.