CVE-2026-8836 | lwIP up to 2.2.1 snmpv3 USM src/apps/snmp/snmp_msg.c snmp_parse_inbound_frame msgAuthenticationParameters stack-based overflow (Bug 68194)

A vulnerability marked as critical has been reported in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow.

This vulnerability was named CVE-2026-8836. The attack may be initiated remotely. There is no available exploit.

It is suggested to install a patch to address this issue.VulDB Recent EntriesRead More