Stack-based Buffer Overflow Vulnerability in Shibby Tomato Router Firmware
CVE-2026-16097

8.7HIGH

Key Information:

Vendor

Shibby

Status
Vendor
CVE Published:
18 July 2026

What is CVE-2026-16097?

A security vulnerability has been discovered in Shibby Tomato 1.28, specifically within the function sub_42537C of the Scheduler Name Handler component. This vulnerability allows for a stack-based buffer overflow, which could be exploited remotely by manipulating the function's input argument. This flaw could potentially lead to unauthorized access and control over the affected system. Users are encouraged to assess their systems and consider migrating to the superior FreshTomato project as a preventive measure.

Affected Version(s)

Tomato 1.28

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Cormac315 (VulDB User)
VulDB CNA Team
.