CVE-2026-41285

low-risk

Published 2026-04-21

In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 - 2" expression with no preceding check for whether nd_opt_len is zero.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

ADJACENT_NETWORK / LOW complexity

Affected Products (1)

Openbsd

Affected Vendors

Openbsd

References (3)

Patch https://github.com/openbsd/src/commit/086c5738bcd3c203bcc08d024fcf983cb409115f

Product https://www.openbsd.org/errata78.html

Not Applicable https://www.rfc-editor.org/rfc/rfc4861#section-4.6

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal