VYPR
Critical severity9.1NVD Advisory· Published Apr 17, 2026· Updated May 11, 2026

CVE-2026-5720

CVE-2026-5720

Description

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improper length validation in ParseHttpHeaders(), where the parsed length underflows to a large unsigned value when passed to memchr(), causing the process to scan memory far beyond the allocated HTTP request buffer.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Miniupnp Project/Miniupnpdreferences3 versions
    (expand)+ 2 more
    • (no CPE)
    • cpe:2.3:a:miniupnp_project:miniupnpd:*:*:*:*:*:*:*:*range: <2.3.10
    • (no CPE)

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.