CVE Catalog

CVE-2026-14324

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile — higher than 7% of all known CVEs

Summary

The RAOP module accepts unbounded Content-Length values and does not check the return value of pw_array_add().

Risk Assessment

An attacker can send a malicious request with an excessively large Content-Length value, potentially causing buffer overflow or system crash.

Recommendation

Update the RAOP module to the latest version that limits Content-Length values and checks the return of pw_array_add().

Original NVD description (English source)

RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS