CVE-2026-56099

Severity CVSS v4.0:
MEDIUM
Type:
CWE-125 Out-of-bounds Read
Publication date:
18/06/2026
Last modified:
14/07/2026

Description

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:* 2026-06-18 (excluding)