PatchSiren

Miniupnp Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Miniupnp Project CVE published 2026-04-17

CVE-2026-5720

CVE-2026-5720 affects miniupnpd from the Miniupnp Project. A malformed SOAPAction header containing a single quote can trigger an integer underflow in ParseHttpHeaders(), which may cause memchr() to scan beyond the allocated HTTP request buffer. The supplied NVD record lists miniupnpd versions before 2.3.10 as vulnerable and rates the issue HIGH (7.1).