CVE-2026-56099

OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPLS Input

CVSS 6.9 MEDIUMEPSS 0.4%CWE-125

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

openbsd · src

public PoCs found — 1

cve_referencepop.argus-systems.ai/advisory/adv-040.htmlunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://seclists.org/fulldisclosure/2026/Jun/17 https://github.com/openbsd/src/commit/6a23123ec05f1eb29cfcaae0f3a468b2e1983cfd https://pop.argus-systems.ai/advisory/adv-040.html https://www.vulncheck.com/advisories/openbsd-mpls-do-error-kernel-stack-memory-disclosure-via-mpls-input http://www.openwall.com/lists/oss-security/2026/06/19/3