CVE-2026-1681

Published: Mag 12, 2026 Last Modified: Mag 12, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,1

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: unchanged

Confidentiality: none

Integrity: low

Availability: high

Description

AI Translation Available

Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are processed inline before the current frame returns. The nested input-path frames exceed the work-queue stack and trigger a stack overflow.

674

Uncontrolled Recursion

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Confidentiality

Potential Impacts:

Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Read Application Data

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/zephyrproject-rtos/zephyr/security/advis…

https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-6fcc-8rwr…

CVE-2026-1681

Description

Uncontrolled Recursion

Common Consequences

Applicable Platforms

Iscriviti alla newsletter