Vulnerability Description
Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid length, resulting in a heap buffer overflow. Users processing IPv4 RA only are not impacted. To mitigate this issue, users should upgrade to the fixed version when available.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | Freertos-Plus-Tcp | >= 4.0.0, < 4.2.6 |
Related Weaknesses (CWE)
References
- https://aws.amazon.com/security/security-bulletins/2026-023-aws/Vendor Advisory
- https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.2.6Release Notes
- https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.4.1Release Notes
- https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-97qg-4359Vendor AdvisoryPatch
FAQ
What is CVE-2026-7426?
CVE-2026-7426 is a vulnerability with a CVSS score of 8.1 (HIGH). Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by ...
How severe is CVE-2026-7426?
CVE-2026-7426 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-7426?
Check the references section above for vendor advisories and patch information. Affected products include: Amazon Freertos-Plus-Tcp.