CVE-2026-41682

Published: Mag 09, 2026 Last Modified: Mag 09, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,9

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SRRF port confusion due to port truncation via atoi() cast in parse_uri(). This issue has been patched in version 1.18.5.

195

Signed to Unsigned Conversion Error

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity

Potential Impacts:

Unexpected State

Applicable Platforms

Languages: C, C++

View CWE Details

918

Server-Side Request Forgery (SSRF)

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control

Potential Impacts:

Read Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

View CWE Details

https://github.com/pupnp/pupnp/commit/def5f9a2bc42f5b3d713e…

https://github.com/pupnp/pupnp/commit/def5f9a2bc42f5b3d713e37c516fbe840ce54b7b

https://github.com/pupnp/pupnp/releases/tag/release-1.18.5

https://github.com/pupnp/pupnp/security/advisories/GHSA-q52…

https://github.com/pupnp/pupnp/security/advisories/GHSA-q522-6w45-4j58

CVE-2026-41682

Description

Signed to Unsigned Conversion Error

Common Consequences

Applicable Platforms

Server-Side Request Forgery (SSRF)

Common Consequences

Applicable Platforms

Iscriviti alla newsletter