Out-of-bounds Read Vulnerability in ASR Kestrel by ASR Micro
CVE-2026-42799

7.4 HIGH

Key Information:

Vendor

Asr

Status
Vendor
CVE Published: 30 April 2026

What is CVE-2026-42799?

The ASR Kestrel product contains an out-of-bounds read vulnerability in the nr_fw module that may allow an attacker to overflow buffers. The flaw affects program execution and could let an attacker exploit the application's logic, potentially leading to unauthorized data exposure. Kestrel versions dated before February 10, 2026 are affected and should be updated to mitigate this risk. Organizations using this product should prioritize assessing their installations to prevent potential exploitation.

Affected Version(s)

Kestrel 0 < 2026/02/10

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
