CVE-2026-41285

CVSS 4.3 MEDIUMEPSS 0.2%CWE-1284

In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 - 2" expression with no preceding check for whether nd_opt_len is zero.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

OpenBSD · OpenBSD

public PoCs found — 1

githubgithub.com/Rat5ak/CVE-2026-41285-OpenBSD-v6daemons-go-brrr★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/openbsd/src/commit/086c5738bcd3c203bcc08d024fcf983cb409115f https://www.openbsd.org/errata78.html https://www.rfc-editor.org/rfc/rfc4861#section-4.6