PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-16095 Shibby CVE debrief

A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. The function setup_conntrack in /sbin/rc is vulnerable to an out-of-bounds write when manipulating the ct_tcp_timeout argument. This issue can be exploited remotely. The project is superseded by FreshTomato. Users should be aware of the potential risks associated with this vulnerability and take steps to mitigate it.

Vendor
Shibby
Product
Tomato
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-18
Original CVE updated
2026-07-18
Advisory published
2026-07-18
Advisory updated
2026-07-18

Who should care

Users of Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124, as well as administrators and security teams responsible for managing and securing network devices, should be aware of this vulnerability and take steps to mitigate it. This includes applying patches or updates, implementing compensating controls, and monitoring for suspicious activity related to this vulnerability.

Technical summary

The setup_conntrack function in /sbin/rc of Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124 is susceptible to an out-of-bounds write attack due to improper handling of the ct_tcp_timeout argument. This vulnerability has a CVSS score of 8.7 and is classified as HIGH severity. It is recommended that users of this software apply patches or updates from the vendor if available. Affected product deployments should be identified and assigned an owner for follow-up. Compensating controls should be reviewed for exposed systems while remediation is scheduled and verified. Relevant monitoring, detection, and logs for exposed assets should be checked, and exceptions should be tracked and retested. The CVE record was published on 2026-07-18T11:16:43.833Z and has not been modified since then.

Defensive priority

High priority should be given to patching or mitigating this vulnerability due to its high severity and potential for remote exploitation.

Recommended defensive actions

  • Apply patches or updates from the vendor if available
  • Implement compensating controls to limit exposure
  • Monitor for suspicious activity related to this vulnerability
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance

Evidence notes

The CVE record was published on 2026-07-18T11:16:43.833Z and has not been modified since then. The NVD entry is currently in the 'Received' status. This information is based on the provided source corpus. Further verification is recommended to confirm the accuracy of this information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-18T11:16:43.833Z and has not been modified since then. The NVD entry is currently in the 'Received' status.