Vulnerability in Openwrt

CVE-2026-30873

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory…

EPSS: 0.000 (7.3th percentile) — read the EPSS interpretation.

Affected products

Openwrt — versions >= 25.12.0-rc1, < 25.12.1, < 24.10.6

Weakness classification (CWE)

CWE-401 — Missing Release of Memory after Effective Lifetime

References

https://github.com/openwrt/openwrt/security/advisories/GHSA-rcc6-v4r6-gj4m (x_refsource_CONFIRM)
https://github.com/openwrt/openwrt/releases/tag/v24.10.6 (x_refsource_MISC)
https://github.com/openwrt/openwrt/releases/tag/v25.12.1 (x_refsource_MISC)