Integer Underflow Vulnerability in OpenWrt Emergency Access Daemon
CVE-2026-55490

6.5MEDIUM

Key Information:

Vendor

Openwrt

Status
Vendor
CVE Published:
7 July 2026

What is CVE-2026-55490?

The Emergency Access Daemon in OpenWrt before version 25.12.5 is susceptible to an integer underflow vulnerability that allows unauthenticated attackers on the local network to cause a crash. The vulnerability arises in the handle_send_a() function, where a crafted UDP packet can lead to an underflow before a bounds check is performed, resulting in an excessively large size being passed to memcpy. This flaw has been addressed in version 25.12.5, enhancing security against such attacks.

Affected Version(s)

openwrt < 25.12.5

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.