Improper Input Validation in OpenThread's NAT64 Translator Affects All Platforms
CVE-2026-8369

6MEDIUM

Key Information:

Vendor: The Openthread Authors
Status: Openthread
Vendor: CVE Published:; 13 May 2026

🔔 Create The Openthread Authors Vulnerability Alert

What is CVE-2026-8369?

OpenThread's NAT64 translator is susceptible to improper input validation, enabling attackers on adjacent IPv4 networks to inject malformed IPv6 packets into the Thread mesh. This vulnerability may allow for the circumvention of security checks through the use of specially crafted IPv4 packets, potentially compromising the integrity and security of network communications.

Affected Version(s)

OpenThread commit 26a882d

References

https://github.com/openthread/openthread/pull/12818

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
May 11, 2026

CVE-2026-8369 Data

JSON