FreeRTOS-Plus-TCP <4.2.6, <4.4.1 IPv6 RA Prefix Length Overflow
CVE-2026-7426 Published on April 29, 2026
Out-of-Bounds Write via Unsanitized Prefix Length in Router Advertisement Processing in FreeRTOS-Plus-TCP
Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid length, resulting in a heap buffer overflow. Users processing IPv4 RA only are not impacted.
To mitigate this issue, users should upgrade to the fixed version when available.
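The overflow described above comes from trusting the 8-bit prefix length field of an RA Prefix Information option and deriving a byte count from it that can exceed the 16-byte IPv6 address. The following is an added example, not FreeRTOS-Plus-TCP code: a constructed parser (all names are assumptions; the option layout follows RFC 4861) that performs the bound check before any length-derived copy.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>

/* Constructed example. RFC 4861 Prefix Information option layout:
 * type(1) len(1) prefix_len(1) flags(1) valid(4) preferred(4)
 * reserved(4) prefix(16) = 32 bytes. */
#define PIO_TYPE            3u
#define PIO_LEN_UNITS       4u      /* option length in 8-octet units */
#define PIO_SIZE            32u
#define IPV6_ADDR_BYTES     16u
#define IPV6_MAX_PREFIX_LEN 128u

typedef struct {
    uint8_t prefix[IPV6_ADDR_BYTES];
    uint8_t prefix_len;
} ra_prefix_t;

/* Hardened parser: prefix_len is rejected if above 128 BEFORE any byte
 * count is derived from it, so the copy below never exceeds 16 bytes.
 * Without that check, prefix_len = 255 gives full_bytes = 31 and the
 * memcpy writes past the end of out->prefix (the bug class on this page). */
bool parse_prefix_option(const uint8_t *opt, size_t avail, ra_prefix_t *out)
{
    if (opt == NULL || out == NULL || avail < PIO_SIZE) return false;
    if (opt[0] != PIO_TYPE || opt[1] != PIO_LEN_UNITS) return false;

    uint8_t prefix_len = opt[2];
    if (prefix_len > IPV6_MAX_PREFIX_LEN) return false;   /* the bound check */

    size_t full_bytes = prefix_len / 8u;                   /* at most 16 */
    size_t rem_bits   = prefix_len % 8u;

    memset(out->prefix, 0, IPV6_ADDR_BYTES);
    memcpy(out->prefix, &opt[16], full_bytes);
    if (rem_bits != 0u) {                                   /* mask partial byte */
        uint8_t mask = (uint8_t)(0xFFu << (8u - rem_bits));
        out->prefix[full_bytes] = opt[16 + full_bytes] & mask;
    }
    out->prefix_len = prefix_len;
    return true;
}

/* Constructed helper: builds an option carrying
 * 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff/<prefix_len> and returns the
 * masked prefix byte at idx, or -1 if the option was rejected. */
int sample_prefix_byte(uint8_t prefix_len, size_t idx)
{
    uint8_t opt[PIO_SIZE] = { PIO_TYPE, PIO_LEN_UNITS, prefix_len, 0x40 };
    ra_prefix_t out;
    memset(&opt[16], 0xFF, IPV6_ADDR_BYTES);
    opt[16] = 0x20; opt[17] = 0x01; opt[18] = 0x0d; opt[19] = 0xb8;
    if (idx >= IPV6_ADDR_BYTES) return -1;
    return parse_prefix_option(opt, sizeof opt, &out) ? out.prefix[idx] : -1;
}
```

A detection-side check of the same field is cheap: any RA Prefix Information option with prefix_len above 128 is malformed by definition and worth logging on an IPv6 segment.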
Vulnerability Analysis
Weakness Type
What is a Memory Corruption Vulnerability?
The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
CVE-2026-7426 has been classified as a Memory Corruption vulnerability or weakness.
Products Associated with CVE-2026-7426
Affected Versions
AWS FreeRTOS-Plus-TCP:
- Versions from 4.0.0 up to, but not including, 4.2.6 are affected.
- Versions from 4.3.0 up to, but not including, 4.4.1 are affected.
- Version 4.2.6 is unaffected.
- Version 4.4.1 is unaffected.