CRITICAL
lwIP
CVE published 2026-05-18
CVE-2026-8836
A critical stack-based buffer overflow vulnerability exists in lwIP's SNMPv3 USM handler. The flaw resides in the snmp_parse_inbound_frame function within src/apps/snmp/snmp_msg.c, where improper handling of the msgAuthenticationParameters argument allows remote attackers to trigger memory corruption. This vulnerability affects lwIP versions up to and including 2.2.1. The attack vector is network-based wi [truncated]