PatchSiren cyber security CVE debrief

CVE-2026-5720 Miniupnp Project CVE debrief

CVE-2026-5720 affects miniupnpd from the Miniupnp Project. A malformed SOAPAction header containing a single quote can trigger an integer underflow in ParseHttpHeaders(), which may cause memchr() to scan beyond the allocated HTTP request buffer. The supplied NVD record lists miniupnpd versions before 2.3.10 as vulnerable and rates the issue HIGH (7.1).

Vendor: Miniupnp Project
Product: CVE-2026-5720
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-17
Original CVE updated: 2026-05-11
Advisory published: 2026-04-17
Advisory updated: 2026-05-11

Who should care

Administrators and vendors running miniupnpd, especially versions before 2.3.10, should prioritize review. Security teams responsible for embedded devices, routers, and other network appliances that expose miniupnpd-backed services should also pay attention.

Technical summary

The flaw is in SOAPAction header parsing. According to the supplied description, ParseHttpHeaders() performs improper length validation, allowing a parsed length to underflow to a very large unsigned value before being passed to memchr(). That can drive an out-of-bounds memory read past the HTTP request buffer. The provided sources associate the issue with CWE-191 and CWE-125 and describe potential denial of service and information disclosure.

Defensive priority

High. Patch or upgrade first on any exposed miniupnpd deployment, and treat the issue as urgent on systems that process untrusted SOAP traffic or are difficult to monitor. Because the flaw can crash the daemon or expose memory contents, it warrants prompt remediation even though the supplied data does not indicate confirmed exploitation.

Recommended defensive actions

Upgrade miniupnpd to a fixed release at or beyond the version boundary indicated in the supplied CPE data; the vulnerable range ends before 2.3.10.
Review the referenced patch commit and any distribution or appliance guidance to confirm the exact fixed build for your environment.
Restrict access to miniupnpd as much as possible, especially from untrusted networks.
Monitor for crashes, abnormal restarts, and suspicious SOAPAction requests with malformed quoting or other parsing anomalies.
If upgrading is delayed, reduce exposure by tightening firewall and interface-level access to the service.

Evidence notes

The debrief is based only on the supplied NVD record, the CVE metadata, and the referenced upstream and third-party links. The NVD description explicitly names the malformed SOAPAction trigger, the integer underflow in ParseHttpHeaders(), and the resulting out-of-bounds read risk. The NVD metadata also lists miniupnpd before 2.3.10 as vulnerable, includes CWE-191 and CWE-125, and marks the record as 'Undergoing Analysis'.

Official resources

CVE-2026-5720 CVE record
CVE.org
CVE-2026-5720 NVD detail
NVD
Source item URL
nvd_modified
Source reference
[email protected] - Product
Mitigation or vendor reference
[email protected] - Patch
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry

CVE published 2026-04-17 and last modified 2026-05-11. No CISA KEV entry was supplied. The provided NVD record was still marked 'Undergoing Analysis' at the time of the source snapshot.