6
CVEs
0
Critical
4
High
0
KEV
3
PoC
4
Unpatched C/H
0.0%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
4
MEDIUM
2
LOW
0
Monthly CVE Trend
Affected Products (7)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2024-27686 | Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via crafted packet data to the SMB service on TCP port 445. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.5 | 0.2% | 58 |
PoC
No patch
|
| CVE-2025-10948 | A vulnerability has been found in MikroTik RouterOS 7. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.4 | 0.2% | 57 |
PoC
No patch
|
| CVE-2026-7668 | Out-of-bounds read in MikroTik RouterOS 6.49.8 SCEP endpoint allows remote unauthenticated attackers to trigger memory disclosure and potential service disruption via malformed transactionID or messageType parameters. Public exploit code exists on GitHub. CVSS 7.3 reflects network-accessible attack surface with low complexity, though impact is rated limited across confidentiality, integrity, and availability. Vendor non-responsive to coordinated disclosure attempts. | MEDIUM | 5.5 | 0.0% | 48 |
PoC
No patch
|
| CVE-2026-48695 | OS command injection in FastNetMon Community Edition through 1.2.9 lets an authenticated network attacker execute arbitrary shell commands via the MikroTik router integration plugin by influencing argv[] values passed to the unsanitized _log() function. The flaw mirrors a previously disclosed Juniper plugin issue in the same project, and while a public technical write-up exists at lorikeetsecurity.com, no public exploit code or active exploitation has been identified, with EPSS at 0.05% (17th percentile). | HIGH | 8.1 | 0.1% | 41 |
No patch
|
| CVE-2026-39042 | Denial of service in MikroTik RouterOS 7.21.x (before 7.21.4) and 7.22.x (before 7.22.2) allows a remote unauthenticated attacker to crash the core inter-process communication layer by triggering an integer overflow in the unflatten() function of the bundled libumsg.so library. Successfully exploiting it disrupts device availability without touching data confidentiality or integrity. There is no public exploit identified at time of analysis, though a third-party research blog documents the underlying integer overflow; EPSS is low at 0.20% (10th percentile). | HIGH | 7.5 | 0.2% | 38 |
No patch
|
| CVE-2025-42611 | RouterOS fails to properly validate certificate scope across its shared system certificate store, allowing any trusted certificate authority to authenticate in contexts beyond its intended scope. This vulnerability enables partial or full authentication bypass in OpenVPN, CAPsMAN, and 802.1X (Dot1x) services, affecting all RouterOS versions that use the vulnerable shared certificate validation logic. The vulnerability requires network access but no user interaction or authentication, making it remotely exploitable against default configurations. | MEDIUM | 6.5 | 0.0% | 33 |
No patch
|