CVE Catalog
CVE-2026-14324
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.18%
7th percentile — higher than 7% of all known CVEs
Summary
The RAOP module accepts unbounded Content-Length values and does not check the return value of pw_array_add().
Risk Assessment
An attacker can send a malicious request with an excessively large Content-Length value, potentially causing buffer overflow or system crash.
Recommendation
Update the RAOP module to the latest version that limits Content-Length values and checks the return of pw_array_add().
Original NVD description (English source)
RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.

