What is CVE-2026-5720?

CVE-2026-5720 is a critical-severity vulnerability in Miniupnp Project Miniupnpd, classified under Out-of-bounds Read. CVSS score: 9.1/10. Published 2026-04-17.

How severe is CVE-2026-5720?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Out-of-bounds Read in Miniupnp Project Miniupnpd

CVE-2026-5720

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (17.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H.

Affected products

Miniupnp Project Miniupnpd — versions 0
Miniupnp_project Miniupnpd

Weakness classification (CWE)

References

disclosure@vulncheck.com (Product, product)
github.com/miniupnp/miniupnp/commit/b5e5d2eb069822b7f00d56c8e61033b9d500e60c
disclosure@vulncheck.com (VDB Entry, Third Party Advisory, third-party-advisory)
disclosure@vulncheck.com (Patch, patch)

Frequently asked questions

What is CVE-2026-5720?: CVE-2026-5720 is a critical-severity vulnerability in Miniupnp Project Miniupnpd, classified under Out-of-bounds Read. CVSS score: 9.1/10. Published 2026-04-17.
How severe is CVE-2026-5720?: Critical severity. CVSS v3 base score is 9.1 out of 10.