Nmap <7.99 OOB Read with IPv6 Ext Header CVE-2026-58058
CVE-2026-58058 Published on June 28, 2026
Nmap - Integer Underflow in IPv6 Extension Header Parsing
Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetutil/netutil.cc), so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a crafted IPv6 response with a truncated extension header can trigger out-of-bounds reads and a crash during raw IPv6 scans.
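The bounded walk that the description above says is missing, as an added example in C. It is not Nmap's code or its patch; `ipv6_payload` and `demo_walk` are hypothetical names, and the packet bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Extension headers this sketch walks: hop-by-hop, routing, fragment, AH, dest opts. */
static int is_ext(uint8_t nh) {
    return nh == 0 || nh == 43 || nh == 44 || nh == 51 || nh == 60;
}

/* Return the upper-layer data of a captured IPv6 packet, or NULL if any header
 * is truncated. Invariant: off <= caplen, so caplen - off can never wrap. */
const uint8_t *ipv6_payload(const uint8_t *pkt, size_t caplen,
                            uint8_t *proto, size_t *data_len) {
    if (pkt == NULL || caplen < 40) return NULL;   /* fixed header is 40 bytes */
    uint8_t nh = pkt[6];
    size_t off = 40;
    while (is_ext(nh)) {
        if (caplen - off < 2) return NULL;         /* next-header + length bytes */
        size_t hlen;
        if (nh == 44) hlen = 8;                                    /* fragment */
        else if (nh == 51) hlen = ((size_t)pkt[off + 1] + 2) * 4;  /* AH */
        else hlen = ((size_t)pkt[off + 1] + 1) * 8;                /* generic */
        if (hlen > caplen - off) return NULL;      /* check BEFORE advancing */
        nh = pkt[off];
        off += hlen;
    }
    *proto = nh;
    *data_len = caplen - off;
    return pkt + off;
}

/* Constructed sample: IPv6 header, 8-byte hop-by-hop header, 4 bytes of TCP,
 * presented as if only caplen bytes were captured. Returns data length or -1. */
long demo_walk(size_t caplen) {
    uint8_t pkt[52] = {0}, proto = 0;
    size_t n = 0;
    pkt[0] = 0x60;   /* version 6 */
    pkt[6] = 0;      /* next header: hop-by-hop */
    pkt[40] = 6;     /* hop-by-hop says next is TCP */
    pkt[41] = 0;     /* Hdr Ext Len 0 => 8 bytes */
    if (caplen > sizeof pkt) return -1;
    return ipv6_payload(pkt, caplen, &proto, &n) ? (long)n : -1;
}

int main(void) {
    size_t caps[] = {52, 48, 44, 41, 40};
    for (size_t i = 0; i < sizeof caps / sizeof caps[0]; i++)
        printf("caplen=%zu -> %ld\n", caps[i], demo_walk(caps[i]));
    return 0;
}
```

Comparing each header size against the bytes still available before moving the offset is what keeps the unsigned remaining length from wrapping to a large value on a truncated header.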
Vulnerability Analysis
CVE-2026-58058 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity, and a small impact on availability.
Weakness Type
What is an Integer underflow Vulnerability?
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. This can happen in signed and unsigned cases.
CVE-2026-58058 has been classified as an Integer underflow vulnerability or weakness.
Products Associated with CVE-2026-58058
Affected Versions
Nmap: versions before and including 7.99 are affected.