CVE Catalog

CVE-2026-1681

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

1th percentile - higher than 1% of all known CVEs

Summary

A vulnerability in the operating system allows a stack overflow by sending an ICMP ping to the device's own IPv4 address using the `net ping` command. This causes recursive processing of the packet in the network stack, leading to a stack overflow in the system work-queue stack.

Risk Assessment

An attacker can exploit this vulnerability to cause a system crash (DoS) by sending a specially crafted ping to the local device address.

Recommendation

It is recommended to immediately update the system to a version containing a fix for this vulnerability. Until the update is applied, restrict the ability to execute the `net ping` command for unauthorized users.

Original NVD description (English source)

Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are processed inline before the current frame returns. The nested input-path frames exceed the work-queue stack and trigger a stack overflow.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS