PatchSiren cyber security CVE debrief

CVE-2026-49494 Comodo CVE debrief

CVE-2026-49494 is a HIGH-severity vulnerability in Comodo Internet Security's firewall driver Inspect.sys. The vulnerability is caused by an integer underflow in the IPv6 packet parser, which can be triggered by a remote, unauthenticated attacker sending a crafted IPv6 packet. This can lead to a system crash (BSOD) at DISPATCH_LEVEL in the Windows kernel.

Vendor: Comodo
Product: Comodo Internet Security
CVSS: HIGH 8.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-07
Original CVE updated: 2026-06-08
Advisory published: 2026-06-07
Advisory updated: 2026-06-08

Who should care

Users of Comodo Internet Security are advised to apply patches or mitigations to prevent exploitation of this vulnerability.

Technical summary

The Inspect.sys driver in Comodo Internet Security contains an integer underflow vulnerability in its IPv6 packet parser. The parser incorrectly decrements an unsigned 64-bit payload-length value from the IPv6 fixed header's payload length field by the size of each IPv6 extension header without validation. A crafted IPv6 packet with a declared payload length smaller than the sum of its extension-header lengths can underflow the value to a near-maximal 64-bit integer. This occurs before firewall rule enforcement, allowing a remote attacker to trigger an out-of-bounds read and oversized memcpy in the Windows kernel at DISPATCH_LEVEL, resulting in a system crash (BSOD).

Defensive priority

HIGH

Recommended defensive actions

Apply patches or updates provided by Comodo Internet Security to address the vulnerability in Inspect.sys.
Implement network filtering to block suspicious IPv6 packets.
Monitor system logs for signs of exploitation attempts.

Evidence notes

Vendor and product information is not definitively known. The CVE record and NVD detail pages provide additional context.

Official resources

CVE-2026-49494 was published on 2026-06-07T13:16:20.927Z and modified on 2026-06-08T15:03:05.330Z.