Vulnerability Details CVE-2026-55490
OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handle_send_a() of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows before a bounds check and is then passed to memcpy as a very large size. This issue is fixed v25.12.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 48.2%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2026-55490
-
cpe:2.3:o:openwrt:openwrt:-
-
cpe:2.3:o:openwrt:openwrt:15.05.1
-
cpe:2.3:o:openwrt:openwrt:17.01.0
-
cpe:2.3:o:openwrt:openwrt:17.01.1
-
cpe:2.3:o:openwrt:openwrt:17.01.2
-
cpe:2.3:o:openwrt:openwrt:17.01.3
-
cpe:2.3:o:openwrt:openwrt:17.01.4
-
cpe:2.3:o:openwrt:openwrt:17.01.5
-
cpe:2.3:o:openwrt:openwrt:17.01.6
-
cpe:2.3:o:openwrt:openwrt:17.01.7
-
cpe:2.3:o:openwrt:openwrt:18.06.0
-
cpe:2.3:o:openwrt:openwrt:18.06.1
-
cpe:2.3:o:openwrt:openwrt:18.06.2
-
cpe:2.3:o:openwrt:openwrt:18.06.3
-
cpe:2.3:o:openwrt:openwrt:18.06.4
-
cpe:2.3:o:openwrt:openwrt:18.06.5
-
cpe:2.3:o:openwrt:openwrt:18.06.6
-
cpe:2.3:o:openwrt:openwrt:18.06.7
-
cpe:2.3:o:openwrt:openwrt:18.06.8
-
cpe:2.3:o:openwrt:openwrt:18.06.9
-
cpe:2.3:o:openwrt:openwrt:19.07.0
-
cpe:2.3:o:openwrt:openwrt:19.07.1
-
cpe:2.3:o:openwrt:openwrt:19.07.10
-
cpe:2.3:o:openwrt:openwrt:19.07.2
-
cpe:2.3:o:openwrt:openwrt:19.07.3
-
cpe:2.3:o:openwrt:openwrt:19.07.4
-
cpe:2.3:o:openwrt:openwrt:19.07.5
-
cpe:2.3:o:openwrt:openwrt:19.07.6
-
cpe:2.3:o:openwrt:openwrt:19.07.7
-
cpe:2.3:o:openwrt:openwrt:19.07.8
-
cpe:2.3:o:openwrt:openwrt:19.07.9
-
cpe:2.3:o:openwrt:openwrt:21.02
-
cpe:2.3:o:openwrt:openwrt:21.02.0
-
cpe:2.3:o:openwrt:openwrt:21.02.1
-
cpe:2.3:o:openwrt:openwrt:21.02.2
-
cpe:2.3:o:openwrt:openwrt:21.02.3
-
cpe:2.3:o:openwrt:openwrt:21.02.4
-
cpe:2.3:o:openwrt:openwrt:21.02.5
-
cpe:2.3:o:openwrt:openwrt:21.02.6
-
cpe:2.3:o:openwrt:openwrt:21.02.7
-
cpe:2.3:o:openwrt:openwrt:22.03.0
-
cpe:2.3:o:openwrt:openwrt:22.03.1
-
cpe:2.3:o:openwrt:openwrt:22.03.2
-
cpe:2.3:o:openwrt:openwrt:22.03.3
-
cpe:2.3:o:openwrt:openwrt:22.03.4
-
cpe:2.3:o:openwrt:openwrt:22.03.5
-
cpe:2.3:o:openwrt:openwrt:22.03.6
-
cpe:2.3:o:openwrt:openwrt:22.03.7
-
cpe:2.3:o:openwrt:openwrt:23.05.0
-
cpe:2.3:o:openwrt:openwrt:23.05.1
-
cpe:2.3:o:openwrt:openwrt:23.05.2
-
cpe:2.3:o:openwrt:openwrt:23.05.3
-
cpe:2.3:o:openwrt:openwrt:23.05.4
-
cpe:2.3:o:openwrt:openwrt:23.05.5
-
cpe:2.3:o:openwrt:openwrt:23.05.6
-
cpe:2.3:o:openwrt:openwrt:24.10.0
-
cpe:2.3:o:openwrt:openwrt:24.10.1
-
cpe:2.3:o:openwrt:openwrt:24.10.2
-
cpe:2.3:o:openwrt:openwrt:24.10.3
-
cpe:2.3:o:openwrt:openwrt:24.10.4
-
cpe:2.3:o:openwrt:openwrt:24.10.5
-
cpe:2.3:o:openwrt:openwrt:24.10.6
-
cpe:2.3:o:openwrt:openwrt:25.12.0
-
cpe:2.3:o:openwrt:openwrt:25.12.1
-
cpe:2.3:o:openwrt:openwrt:25.12.2
-
cpe:2.3:o:openwrt:openwrt:25.12.3
-
cpe:2.3:o:openwrt:openwrt:25.12.4