Critical severity9.1NVD Advisory· Published Apr 17, 2026· Updated May 11, 2026
CVE-2026-5720
CVE-2026-5720
Description
miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improper length validation in ParseHttpHeaders(), where the parsed length underflows to a large unsigned value when passed to memchr(), causing the process to scan memory far beyond the allocated HTTP request buffer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3(expand)+ 2 more
- (no CPE)
- cpe:2.3:a:miniupnp_project:miniupnpd:*:*:*:*:*:*:*:*range: <2.3.10
- (no CPE)
Patches
Vulnerability mechanics
References
2- github.com/miniupnp/miniupnp/commit/f56bd09b2f2650126b832c5f30a65a09e28167fanvdPatch
- www.vulncheck.com/advisories/miniupnpd-integer-underflow-soapaction-header-parsingnvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.