CVE-2026-5720
published 2026-04-17CVE-2026-5720: miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information…
PriorityP348critical9.1CVSS 3.1
AVNACLPRNUINSUCHINAH
EPSS
0.67%
47.5th percentile
miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improper length validation in ParseHttpHeaders(), where the parsed length underflows to a large unsigned value when passed to memchr(), causing the process to scan memory far beyond the allocated HTTP request buffer.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| miniupnp_project | miniupnpd | < 2.3.10 | 2.3.10 |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvdv4.07.1HIGHCVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q4xv-xmjx-4h94: miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or inform
ghsa_unreviewed·2026-04-18
CVE-2026-5720 [HIGH] CWE-125 GHSA-q4xv-xmjx-4h94: miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or inform
miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improper length validation in ParseHttpHeaders(), where the parsed length underflows to a large unsigned value when passed to memchr(), causing the process to scan memory far beyond the allocated HTTP request buffer.
VulDB
miniupnp project miniupnpd up to 2.3.9 HTTP Request ParseHttpHeaders integer underflow
vuldb·2026-04-17·CVSS 7.1
CVE-2026-5720 [HIGH] miniupnp project miniupnpd up to 2.3.9 HTTP Request ParseHttpHeaders integer underflow
A vulnerability, which was classified as critical, has been found in miniupnp project miniupnpd up to 2.3.9. This affects the function ParseHttpHeaders of the component HTTP Request Handler. This manipulation causes integer underflow.
This vulnerability is registered as CVE-2026-5720. The attack requires access to the local network. No exploit is available.
It is advisable to upgrade the affected component.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-5720 miniupnpd: miniupnpd: Denial of service or information disclosure due to integer underflow in SOAPAction header parsing. [fedora-all]
bugzilla·2026-04-20·CVSS 7.1
CVE-2026-5720 [HIGH] CVE-2026-5720 miniupnpd: miniupnpd: Denial of service or information disclosure due to integer underflow in SOAPAction header parsing. [fedora-all]
CVE-2026-5720 miniupnpd: miniupnpd: Denial of service or information disclosure due to integer underflow in SOAPAction header parsing. [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
FEDORA-2026-f933979509 (miniupnpd-2.3.10-1.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-f933979509
---
FEDORA-2026-5f908cb040 (miniupnpd-2.3.10-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-5f908cb040
---
FEDORA-2026-2e8a8fd35b (miniupnpd-2.3.10-1.fc42) has been submitted as an update to F
Bugzilla
CVE-2026-5720 miniupnpd: miniupnpd: Denial of service or information disclosure due to integer underflow in SOAPAction header parsing.
bugzilla·2026-04-17·CVSS 7.1
CVE-2026-5720 [HIGH] CVE-2026-5720 miniupnpd: miniupnpd: Denial of service or information disclosure due to integer underflow in SOAPAction header parsing.
CVE-2026-5720 miniupnpd: miniupnpd: Denial of service or information disclosure due to integer underflow in SOAPAction header parsing.
miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improper length validation in ParseHttpHeaders(), where the parsed length underflows to a large unsigned value when passed to memchr(), causing the process to scan memory far beyond the allocated HTTP request buffer.
2026-04-17
Published