MikroTik

Network equipment company which makes routers, switches, access points, etc.


Products by MikroTik Sorted by Most Security Vulnerabilities since 2018

MikroTik RouterOS: 82 vulnerabilities
MikroTik Winbox: 3 vulnerabilities

Known Exploited MikroTik Vulnerabilities

The following MikroTik vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title: MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability
CVE: CVE-2018-7445 (EPSS exploit probability: 87.6%)
Added to the CISA KEV catalog: September 8, 2022
Description: In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system.

Title: MikroTik Router OS Directory Traversal Vulnerability
CVE: CVE-2018-14847 (EPSS exploit probability: 93.6%)
Added to the CISA KEV catalog: December 1, 2021
Description: MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 3 vulnerabilities in MikroTik with an average score of 7.1 out of ten. In 2025, MikroTik had 7 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of MikroTik vulnerabilities in 2026 could surpass last year's total. Last year's average CVE base score was higher by 2.30.

Year  Vulnerabilities  Average Score
2026  3                7.10
2025  7                9.40
2024  1                0.00
2023  6                7.78
2022  11               8.03
2021  34               6.54
2020  5                5.65
2019  9                7.82
2018  7                7.87

It may take a day or so for new MikroTik vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent MikroTik Security Vulnerabilities

CVE-2024-27686 (published May 08, 2026; product: RouterOS)
Mikrotik RouterOS SMB DoS v6.40-6.49 (fixed in 7)
Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via crafted packet data to the SMB service on TCP port 445.

CVE-2025-42611 (published May 05, 2026; product: RouterOS)
RouterOS <=6.47 cert validation bypass via shared trust store
RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X), among others. The vulnerability lies in shared certificate validation logic which uses the system certificate store that is shared and equally trusted by all system services. This causes confusion of scope, allowing any certificate authority present in the system-wide trust store to be trusted in any context (with some exceptions), allowing partial or full authentication bypass in CAPsMAN, OpenVPN, Dot1X and potentially others.

CVE-2026-7668 (published May 02, 2026; product: RouterOS)
MikroTik RouterOS 6.49.8 OOB Read in SCEP Endpoint (ASN1_STRING_data)
A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to an out-of-bounds read. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-61481 (published Oct 27, 2025; product: RouterOS)
RouterOS 7.14.2 RCE via HTTP-Only WebFig
An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator's browser and intercept credentials.

CVE-2025-10948 (published Sep 25, 2025; product: RouterOS)
RouterOS 7 BOF via parse_json_element in libjson.so
A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads to a buffer overflow. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.20.1 or 7.21beta2 mitigates this issue. You should upgrade the affected component. The vendor replied: "Our bug tracker reports that your issue has been fixed. This means that we plan to release a RouterOS update with this fix. Make sure to upgrade to the next release when it comes out."

CVE-2025-6563 (published Jul 03, 2025; product: RouterOS)
MikroTik RouterOS XSS via hotspot dst <7.19.2
A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protocol in the `dst` parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to log in can also be converted to a GET request, allowing an attacker to send a specifically crafted URL that automatically logs the victim in (into the attacker's account) and triggers the payload.

CVE-2023-47310 (published Jun 30, 2025; product: RouterOS)
RouterOS 7 before v7.14 allows IPv6 UDP traceroute
A misconfiguration in the default settings of MikroTik RouterOS 7, fixed in v7.14, allows incoming IPv6 UDP traceroute packets.

CVE-2025-6443 (published Jun 25, 2025; product: RouterOS)
RouterOS VXLAN Source IP Improper Access Control
Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of remote IP addresses when processing VXLAN traffic. The issue results from the lack of validation of the remote IP address against configured values prior to allowing ingress traffic into the internal network. An attacker can leverage this vulnerability to gain access to internal network resources. Was ZDI-CAN-26415.

CVE-2024-54952 (published May 29, 2025; product: RouterOS)
MikroTik RouterOS 6.40.5 SMB memory corruption DoS
In MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a remote denial of service (DoS), rendering the SMB service unavailable.

CVE-2024-54772 (published Feb 11, 2025; product: RouterOS)
MikroTik RouterOS Winbox Account Enumeration v6.43 through v7.17.2, fixed in 6.49.18
An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those with an invalid username allows attackers to enumerate valid accounts.
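The CVE-2025-6563 entry above describes a post-login redirect (`dst`) that accepts a `javascript:` URL. The following is an added example, not MikroTik's code: it shows the redirect validation a hotspot-style login page needs so that the only accepted targets are a local path or an http(s) URL on the portal's own host. The host name, function names and every input string are constructed for illustration; the browser canonicalization steps (stripping leading/trailing control characters and space, dropping embedded tab/newline, treating backslash as slash) follow the WHATWG URL parsing rules, which is why a naive `startswith("javascript:")` check is not enough.

```python
"""Safe-redirect validation for a hotspot-style ``dst`` parameter.

Added example, not MikroTik code. It models the bug class behind
CVE-2025-6563 (a ``javascript:`` URL accepted as the post-login redirect
target) and shows a validator that only accepts same-site targets.
Function names, the host name and every input string are constructed.
"""
import re
from urllib.parse import urlsplit

# Browsers strip leading/trailing C0 controls and spaces, and drop any
# tab/newline anywhere in the URL before parsing (WHATWG URL spec), so the
# validator must do the same or "java\tscript:" slips through.
_C0_AND_SPACE = "".join(map(chr, range(0x21)))
_TAB_NL = re.compile(r"[\t\n\r]")
_ALLOWED_SCHEMES = {"http", "https"}


def normalize(dst: str) -> str:
    """Canonicalize dst the way a browser would before interpreting it."""
    dst = _TAB_NL.sub("", dst.strip(_C0_AND_SPACE))
    # Special schemes treat backslash as slash, so "/\evil.example" is
    # really "//evil.example"; normalize before the authority check.
    return dst.replace("\\", "/")


def is_safe_dst(dst: str, our_host: str) -> bool:
    """True only for a site-local absolute path or an http(s) URL on our_host."""
    d = normalize(dst)
    if not d:
        return False
    parts = urlsplit(d)
    scheme = parts.scheme.lower()
    if scheme and scheme not in _ALLOWED_SCHEMES:
        return False  # javascript:, data:, vbscript:, ...
    if parts.netloc:
        # Absolute or protocol-relative URL: the scheme must be explicit and
        # the host (after userinfo and port are split off) must be ours.
        return scheme in _ALLOWED_SCHEMES and parts.hostname == our_host.lower()
    # No authority: accept only "/path", never "//host" or "///host".
    return d.startswith("/") and not d.startswith("//")


def redirect_target(dst: str, our_host: str, fallback: str = "/status") -> str:
    """What the login handler should redirect to: the requested dst if it
    passes validation, otherwise a fixed local page."""
    return normalize(dst) if is_safe_dst(dst, our_host) else fallback
```

The second half of the same entry, converting the login POST into a GET that logs the victim into the attacker's account, is a separate fix: the login endpoint should reject GET and carry an anti-CSRF token, so a crafted link cannot perform the login step at all.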
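The CVE-2025-6443 entry above (ZDI-CAN-26415) describes VXLAN ingress that never compares the outer source address with the configured peers, so any host that can reach the VXLAN UDP port and guess a VNI can inject frames onto the internal bridge. The following is an added example, not RouterOS code: it parses the RFC 7348 VXLAN header and contrasts the unchecked decapsulation with one that requires the outer source to be a configured VTEP peer for that VNI. The peer table, frame bytes and function names are constructed for illustration.

```python
"""VXLAN ingress filter that validates the outer source address.

Added example, not RouterOS code. It models the check that the ZDI
advisory for CVE-2025-6443 describes as missing: a datagram arriving on
the VXLAN UDP port must come from a configured VTEP peer for that VNI
before its inner frame is handed to the bridge. Header layout follows
RFC 7348; the peer table and packets below are constructed.
"""
from ipaddress import ip_address

VXLAN_FLAG_I = 0x08   # "I" bit: the VNI field is valid
VXLAN_HDR_LEN = 8     # flags(1) reserved(3) vni(3) reserved(1)

# Constructed peer table: VNI -> permitted remote VTEP addresses, the
# equivalent of a statically configured remote-ip list.
PEER_CONFIG = {
    100: {ip_address("10.0.0.2"), ip_address("10.0.0.3")},
    200: {ip_address("10.0.1.2")},
}


class VxlanError(ValueError):
    pass


def build_vxlan(vni: int, inner_frame: bytes) -> bytes:
    """Encapsulate an Ethernet frame in a VXLAN header (UDP payload only)."""
    if not 0 <= vni < (1 << 24):
        raise VxlanError("VNI out of range")
    return bytes([VXLAN_FLAG_I, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00" + inner_frame


def parse_vxlan(payload: bytes):
    """Return (vni, inner_frame); reject short or flag-less headers."""
    if len(payload) < VXLAN_HDR_LEN:
        raise VxlanError("short VXLAN header")
    if not payload[0] & VXLAN_FLAG_I:
        raise VxlanError("I flag not set")
    vni = int.from_bytes(payload[4:7], "big")
    return vni, payload[VXLAN_HDR_LEN:]


def ingress_unchecked(src_ip: str, payload: bytes):
    """Vulnerable shape: any host that guesses a configured VNI can inject
    a frame onto the internal bridge. Returns the inner frame or None."""
    vni, inner = parse_vxlan(payload)
    return inner if vni in PEER_CONFIG else None


def ingress_checked(src_ip: str, payload: bytes):
    """Hardened shape: the outer source must be a configured peer for the
    VNI, otherwise the datagram is dropped (None) and the inner frame never
    reaches the bridge."""
    vni, inner = parse_vxlan(payload)
    peers = PEER_CONFIG.get(vni)
    if peers is None or ip_address(src_ip) not in peers:
        return None
    return inner
```

In a real datapath the source check belongs as early as possible, before anything from the inner frame is touched; a firewall rule that limits the VXLAN port to known peers gives the same effect from outside the VXLAN code and is the usual operator-side mitigation while a fix is pending.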
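The CVE-2024-54772 entry above is a response-size oracle: the Winbox reply to a connection attempt is a different length for a valid username than for an invalid one. The harness below is an added example, not MikroTik tooling and not the Winbox protocol. It takes any probe function (username in, reply bytes out), establishes a baseline from random usernames that cannot exist, and reports the candidates whose reply size departs from that baseline; the same harness serves as a regression check after a fix. The two responders, the user list and all names are constructed stand-ins.

```python
"""Response-size oracle check for account enumeration.

Added example, not MikroTik tooling. CVE-2024-54772 is a Winbox reply whose
size differs for valid and invalid usernames. This harness takes any probe
function (username -> reply bytes), measures a baseline from random usernames
that cannot exist, and reports candidates whose reply size deviates from it.
The two responders below are constructed stand-ins for a service, not the
Winbox protocol.
"""
import secrets
from typing import Callable, Iterable, List, Optional

Probe = Callable[[str], bytes]


def baseline_sizes(probe: Probe, samples: int = 5) -> set:
    """Reply sizes for usernames that are certain not to exist."""
    return {len(probe("nx-" + secrets.token_hex(8))) for _ in range(samples)}


def find_oracle(probe: Probe, candidates: Iterable[str],
                samples: int = 5) -> Optional[List[str]]:
    """Return the candidates whose reply size differs from the invalid-user
    baseline, or None when the baseline itself varies (size is then not a
    clean oracle and a timing or content comparison is needed instead)."""
    base = baseline_sizes(probe, samples)
    if len(base) != 1:
        return None
    (base_len,) = base
    return [u for u in candidates if len(probe(u)) != base_len]


# Constructed responders. The leaky one sends a challenge only for real
# accounts; the uniform one sends the same-shaped reply either way and only
# fails later, when the password proof is checked.
_VALID_USERS = {"admin", "monitor"}


def leaky_responder(username: str) -> bytes:
    if username in _VALID_USERS:
        return b"\x01" + secrets.token_bytes(16)  # challenge for a real account
    return b"\x00"                                # terse "no such user"


def uniform_responder(username: str) -> bytes:
    return b"\x01" + secrets.token_bytes(16)      # same shape for everyone
```

When pointing this at a live service, rate-limit the probes and use a candidate list of realistic account names; the baseline step matters because some services pad replies or vary them for unrelated reasons, and a noisy baseline (None) means the length alone proves nothing.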
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.