What is CVE-2026-28525?

CVE-2026-28525 is a medium-severity vulnerability in Sbabic Swupdate, classified under Out-of-bounds Read. CVSS score: 6.8/10. Published 2026-04-23.

How severe is CVE-2026-28525?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Out-of-bounds Read in Sbabic Swupdate

CVE-2026-28525

SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose_multipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malform…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (17.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H.

Affected products

Sbabic Swupdate — versions 0, beee2dc0feef1cfe84f1aa6fc980e104b2e47a74
Swupdate

Weakness classification (CWE)

References

disclosure@vulncheck.com (Patch, patch)
disclosure@vulncheck.com (Third Party Advisory, third-party-advisory)

Frequently asked questions

What is CVE-2026-28525?: CVE-2026-28525 is a medium-severity vulnerability in Sbabic Swupdate, classified under Out-of-bounds Read. CVSS score: 6.8/10. Published 2026-04-23.
How severe is CVE-2026-28525?: Medium severity. CVSS v3 base score is 6.8 out of 10.