CVE-2026-42799: ASR Kestrel Out-of-Bounds Read Flaw Exposes Systems
The National Vulnerability Database has disclosed CVE-2026-42799, a critical out-of-bounds read vulnerability affecting ASR Kestrel devices prior to February 10, 2026. The flaw resides in the nr_fw modules, specifically in the NrPwrCtrl.C file, and can lead to buffer overflows. The CVSS score of 7.4 (HIGH) underscores the severity: the flaw allows network-based attacks with low complexity and no user interaction, potentially leading to data leakage or system compromise.
This vulnerability presents a significant risk for organizations deploying ASR Kestrel devices. The ability for an unauthenticated attacker to exploit this flaw remotely with minimal effort means that unpatched systems are prime targets. Defenders must prioritize patching these devices to mitigate the risk of data exfiltration or manipulation, which could have cascading effects on network integrity and operational continuity.
What This Means For You
- If your organization uses ASR Kestrel devices, immediately verify firmware versions and schedule an urgent upgrade to patch CVE-2026-42799. Review network logs for any unusual activity originating from or targeting these devices, especially in the lead-up to the patch release date.
🛡️ Detection Rules
3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.
CVE-2026-42799: ASR Kestrel Out-of-Bounds Read in NrPwrCtrl.C
```yaml
# The title is quoted because it contains ": ", which is not valid in a plain YAML scalar.
title: 'CVE-2026-42799: ASR Kestrel Out-of-Bounds Read in NrPwrCtrl.C'
id: scw-2026-04-30-ai-1
status: experimental
level: high
description: |
    This rule detects the execution of NrPwrCtrl.exe with a command line that attempts to exploit the CVE-2026-42799 vulnerability. The out-of-bounds read flaw in ASR Kestrel's nr_fw modules, specifically in Code/Nr/nr_fw/RA/src/NrPwrCtrl.C, can be triggered by crafted inputs that lead to buffer overflows. This detection focuses on the specific executable and a common pattern used in path traversal exploits to access sensitive system files.
author: SCW Feed Engine (AI-generated)
date: 2026-04-30
references:
    - https://shimiscyberworld.com/posts/nvd-CVE-2026-42799/
tags:
    - attack.initial_access
    - attack.t1190
logsource:
    category: process_creation
detection:
    # Both fields must match (AND); each list is a set of alternatives (OR).
    selection:
        Image|endswith:
            - 'NrPwrCtrl.exe'
        CommandLine|contains:
            - '..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\system32\cmd.exe'
    condition: selection
falsepositives:
    - Legitimate administrative activity
```
Source: Shimi's Cyber World
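Before deploying an auto-generated rule like the one above, it helps to run its selection logic against sample events and see exactly what it will and will not fire on. The following is an added example, not code from the feed or from any Sigma tooling: a small evaluator for the two modifiers the rule uses, run over constructed process_creation events. `DEPTH`, the `C:\Tools` path and every event are assumptions made for illustration; set `DEPTH` to the number of `..\` segments in the rule's string.

```python
# Added example: evaluates the rule's `selection` offline over constructed events.
# Sigma semantics: fields in a selection are ANDed, list values are ORed,
# and plain string matching is case-insensitive.

DEPTH = 8  # assumption: stand-in for the number of "..\" segments in the rule
TRAVERSAL = "..\\" * DEPTH + "windows\\system32\\cmd.exe"

SELECTION = {
    "Image|endswith": ["NrPwrCtrl.exe"],
    "CommandLine|contains": [TRAVERSAL],
}

MODIFIERS = {
    "": lambda value, pat: value == pat,
    "endswith": lambda value, pat: value.endswith(pat),
    "contains": lambda value, pat: pat in value,
}

def field_matches(event, key, patterns):
    """True if the event field satisfies any pattern under the key's modifier."""
    field, _, modifier = key.partition("|")
    if modifier not in MODIFIERS:
        raise ValueError(f"unsupported modifier: {modifier}")
    value = event.get(field)
    if not isinstance(value, str):
        return False  # a missing or non-string field never matches
    op = MODIFIERS[modifier]
    return any(op(value.lower(), p.lower()) for p in patterns)

def selection_matches(event, selection=SELECTION):
    """AND across every field of the selection."""
    return all(field_matches(event, k, v) for k, v in selection.items())

IMG = r"C:\Tools\NrPwrCtrl.exe"  # constructed path
EVENTS = [  # constructed process_creation events
    ("full match", {"Image": IMG, "CommandLine": "NrPwrCtrl.exe " + TRAVERSAL}),
    ("case differs", {"Image": IMG.upper(), "CommandLine": TRAVERSAL.upper()}),
    ("other image", {"Image": r"C:\Tools\other.exe", "CommandLine": TRAVERSAL}),
    ("different depth", {"Image": IMG,
                         "CommandLine": "..\\..\\windows\\system32\\cmd.exe"}),
    ("no command line", {"Image": IMG}),
]

def evaluate(events=EVENTS):
    return {name: selection_matches(ev) for name, ev in events}

if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name:16} {'MATCH' if hit else 'no match'}")
```

The rule only evaluates process_creation events, so it needs endpoint telemetry that records `Image` and `CommandLine`; the network-log review recommended above is outside its scope.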
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-42799 | Vulnerability | CVE-2026-42799 |
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 30, 2026 at 12:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.