CVE-2026-39042
Received
Received - Intake
Denial of Service in MikroTik RouterOS
Vulnerability report for CVE-2026-39042, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-13
Last updated on: 2026-07-13
Assigner: MITRE
Description
Description
An issue in MikroTIk (SIA Mikrotikls, Latvia) RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten() function in libumsg.so.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mikrotik | routeros | to 7.21.4 (exc) |
| mikrotik | routeros | to 7.22.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |