FreeRTOS-Plus-TCP MAC Spoof Loophole before v4.4.1: CVE-2026-7422 April 2026

MAC Address Validation Bypass in FreeRTOS-Plus-TCP IPv4 and IPv6 Packet Processing
Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection mechanism skips all input validation for packets whose source MAC matches a local endpoint. To mitigate this issue, users should upgrade to the fixed version when available.

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

HIGH

Availability Impact:

NONE

Weakness Type

Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

Products Associated with CVE-2026-7422

Want to know whenever a new CVE is published for Amazon Aws? stack.watch will email you.

FreeRTOS-Plus-TCP MAC Spoof Loophole before v4.4.1
CVE-2026-7422 Published on April 29, 2026

Vulnerability Analysis

Weakness Type

Authentication Bypass by Spoofing

Products Associated with CVE-2026-7422

Affected Versions

FreeRTOS-Plus-TCP MAC Spoof Loophole before v4.4.1CVE-2026-7422 Published on April 29, 2026

Vulnerability Analysis

Weakness Type

Authentication Bypass by Spoofing

Products Associated with CVE-2026-7422

Affected Versions

FreeRTOS-Plus-TCP MAC Spoof Loophole before v4.4.1
CVE-2026-7422 Published on April 29, 2026