In OpenBSD EUVD-2026-23996

| CVE-2026-41285 MEDIUM

Improper Validation of Specified Quantity in Input (CWE-1284)

2026-04-21 [email protected]

Denial Of Service

4.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Apr 21, 2026 - 00:39 vuln.today

DescriptionNVD

In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 - 2" expression with no preceding check for whether nd_opt_len is zero.

AnalysisAI

Denial-of-service in OpenBSD slaacd and rad daemons allows local network attackers to trigger infinite loops by sending crafted ICMPv6 Neighbor Discovery packets with zero-length options, causing affected daemons to hang due to missing validation of the nd_opt_len field before arithmetic operations. OpenBSD versions through 7.8 are affected. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-23996 vulnerability details – vuln.today

Back

In OpenBSD EUVD-2026-23996

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code