← back
CVE-2026-55706

CVE-2026-55706

CVSS 5.8 MEDIUMEPSS 0.2%CWE-1284
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Affected products
OpenBSD · OpenBSD
public PoCs found1
cve_referenceblog.argus-systems.ai/blog/poc-001-pap-bypass.pyunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.htmlhttps://blog.argus-systems.ai/blog/poc-001-pap-bypass.pyhttps://github.com/openbsd/src/commit/076e2b1c1fc4ac0883a72d3544131ad5cee7adf8https://www.openwall.com/lists/oss-security/2026/06/16/9