
Hostapd

2 CVEs product

Monthly

CVE-2026-58374 HIGH PATCH This Week

Denial of service in hostapd 2.11 through pre-2.12 development snapshots (built with CONFIG_IEEE80211BE) lets an unauthenticated attacker within wireless range crash the access-point daemon by sending a crafted Wi-Fi 7 (802.11be) Multi-Link association request. A malformed Multi-Link Element or Per-STA Profile subelement supplies a link_id of 15 that overruns the 15-entry (0-14) links[] array, causing an out-of-bounds write before the 4-way handshake. No public exploit identified at time of analysis; EPSS is low (0.29%, 20th percentile) and CISA SSVC rates exploitation as none.

Buffer Overflow Denial Of Service Hostapd
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-24912 LOW PATCH Monitor

hostapd fails to process crafted RADIUS packets properly. Rated low severity (CVSS 3.7), the vulnerability is remotely exploitable and requires no authentication.

Code Injection Hostapd
NVD
CVSS 3.0
3.7
EPSS
0.2%
