PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55490 openwrt CVE debrief

CVE-2026-55490 is an integer underflow vulnerability in OpenWrt's Emergency Access Daemon. Before v25.12.5, an unauthenticated attacker on the local network can crash the daemon by sending a single crafted UDP packet. The message length underflows before a bounds check and is then passed to memcpy as a very large size. This issue is fixed in v25.12.5. The vulnerability has a CVSS score of 6.5 and is classified as MEDIUM severity. Users of OpenWrt versions before v25.12.5 should update to the latest version to prevent potential crashes. This vulnerability requires immediate attention from operators of OpenWrt deployments to ensure system stability and security.

Vendor
openwrt
Product
Unknown
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-07
Original CVE updated
2026-07-07
Advisory published
2026-07-07
Advisory updated
2026-07-07

Who should care

Users of OpenWrt versions before v25.12.5 should update to the latest version to prevent potential crashes of the Emergency Access Daemon. This update is crucial for operators managing OpenWrt deployments, as it addresses a medium-severity vulnerability that could be exploited by unauthenticated attackers on the local network. Security teams and platform administrators should prioritize this update to maintain the security and stability of their systems.

Technical summary

The vulnerability exists in the handle_send_a() function of the Emergency Access Daemon in OpenWrt. An integer underflow occurs when processing a crafted UDP packet, allowing an unauthenticated attacker on the local network to crash the daemon. The issue arises from the message length underflowing before a bounds check and being passed to memcpy as a very large size. This issue affects OpenWrt versions before v25.12.5 and has been fixed in v25.12.5. Users of affected versions should update to prevent potential crashes of the Emergency Access Daemon.

Defensive priority

Medium-High

Recommended defensive actions

  • Update OpenWrt to version v25.12.5 or later
  • Restrict access to the Emergency Access Daemon to only trusted networks
  • Monitor for unusual UDP packet activity on the local network
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record was published on 2026-07-07T22:16:54.060Z and has not been modified since then. The NVD entry is currently 6.5 MEDIUM. The vulnerability exists in OpenWrt versions before v25.12.5. Users should verify their deployments and update to the latest version to prevent potential crashes of the Emergency Access Daemon. Evidence is limited to public CVE and NVD details. Defenders should verify OpenWrt versions in their environment and ensure they are updated to v25.12.5 or later.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T22:16:54.060Z and has not been modified since then.