CVE-2026-5720
Integer Underflow in miniupnpd SOAPAction Parsing Causes DoS, Data Leak
Publication date: 2026-04-17
Last updated on: 2026-05-04
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| miniupnp | miniupnpd | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-191 | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in miniupnpd is an integer underflow issue in the parsing of the SOAPAction header. When a remote attacker sends a malformed SOAPAction header containing a single quote, the length calculation underflows, resulting in a very large unsigned value. This causes the function ParseHttpHeaders() to perform an out-of-bounds memory read by scanning memory beyond the allocated HTTP request buffer.
How can this vulnerability impact me? :
This vulnerability can be exploited by remote attackers to cause a denial of service or to disclose information. The out-of-bounds memory read triggered by the malformed SOAPAction header can lead to the process crashing or leaking sensitive information from memory.