Stack-based Buffer Overflow in OpenWrt's mdns Daemon for IPv6 Processing
CVE-2026-30872

9.5CRITICAL

Key Information:

Vendor

Openwrt

Status
Openwrt
Vendor
CVE Published:
19 March 2026

What is CVE-2026-30872?

The OpenWrt Project's mdns daemon, designed for managing multicast DNS, contains a stack-based buffer overflow vulnerability affecting versions before 24.10.6 and 25.12.1. This vulnerability is exploited when processing PTR queries for IPv6 reverse DNS domains, where the domain data is inadequately validated. An attacker can exploit this flaw by sending a crafted DNS query that exceeds the allowable buffer size, leading to potential out-of-bounds writes and allowing for remote code execution. This issue is critical to address as it poses significant security risks to embedded devices running OpenWrt.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

openwrt >= 25.12.0-rc1, < 25.12.1 < 25.12.0-rc1, 25.12.1

openwrt < 24.10.6 < 24.10.6

References

https://github.com/openwrt/openwrt/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/openwrt/openwrt/releases/tag/v24.10.6
x_refsource_MISC
https://github.com/openwrt/openwrt/releases/tag/v25.12.1
x_refsource_MISC

CVSS V4

Score:
9.5
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.