What is the CVSS score of CVE-2026-42800?

CVE-2026-42800 has a CVSS 3.1 base score of 7.4 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of ASR Lapwing Linux are affected by CVE-2026-42800?

CVE-2026-42800 is a NULL pointer dereference in ASR Lapwing Linux's IMS client that allows authenticated remote attackers to crash the SIP service and potentially execute code with elevated…

ASR Lapwing Linux CVE-2026-42800

EUVD-2026-26360 HIGH

NULL Pointer Dereference (CWE-476)

2026-04-30 ASR

Denial Of Service Null Pointer Dereference

7.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Apr 30, 2026 - 10:15 vuln.today

EUVD ID Assigned

Apr 30, 2026 - 10:00 euvd

EUVD-2026-26360

Analysis Generated

Apr 30, 2026 - 10:00 vuln.today

CVE Published

Apr 30, 2026 - 08:52 nvd

HIGH 7.4

DescriptionNVD

NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation.

This vulnerability is associated with program files sip/utils/src/sipuri.c.

AnalysisAI

NULL pointer dereference in ASR Lapwing Linux's IMS client (sipuri.c) allows authenticated remote attackers to trigger service crashes and potentially execute code with changed scope. The vulnerability exists in the SIP URI parsing logic of the ASR1903 hardware platform's ims_client module. …

RemediationAI

Within 24 hours: Inventory all ASR1903 platforms running IMS client and validate current firmware versions against ASR Lapwing Linux release notes; restrict network access to SIP URI parsing endpoints to trusted internal networks only. Within 7 days: Implement protocol-level filtering to block malformed SIP URIs at ingress points; monitor IMS client process logs for crashes or unexpected restarts. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-42800 vulnerability details – vuln.today

Back