CVE-2026-56099 MEDIUM

CVE-2026-56099: OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPLS Input

Vendor Openbsd
Product src
Weakness CWE-125
Published June 18, 2026
Last update June 21, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set.

Key dates

02Disclosure timeline

June 18, 2026 CVE published
June 21, 2026 Record updated