OpenBSD PPP Auth Bypass via Zero-Length PAP Input
CVE-2026-55706 Published on June 17, 2026
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.
Vulnerability Analysis
Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
LOW
Weakness Type
Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Products Associated with CVE-2026-55706
Want to know whenever a new CVE is published for OpenBSD? stack.watch will email you.
Affected Versions
OpenBSD:- Before 076e2b1c1fc4ac0883a72d3544131ad5cee7adf8 is affected.
Exploit Probability
EPSS
0.24%
Percentile
14.64%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.