CVE-2026-7423 — Denial of Service

CVE-2026-7423 — Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing ping support is enabled, because header sizes are subtracted from a packet length field
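
The arithmetic pattern the description names (header sizes subtracted from a packet length field), shown unchecked and checked. This is an added example, not FreeRTOS-Plus-TCP source; the header sizes, macro names and function names are assumptions for illustration, and the sample frame is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sizes for an Ethernet + IPv4 + ICMP echo frame (illustrative only). */
#define ETH_HDR_LEN   14u
#define IPV4_HDR_LEN  20u
#define ICMP_HDR_LEN   8u
#define ECHO_HDRS_LEN ((size_t)(ETH_HDR_LEN + IPV4_HDR_LEN + ICMP_HDR_LEN))

/* Unchecked form: unsigned subtraction wraps when frame_len < ECHO_HDRS_LEN. */
size_t echo_payload_len_unchecked(size_t frame_len)
{
    return frame_len - ECHO_HDRS_LEN; /* CWE-191: a 30-byte frame yields SIZE_MAX - 11 */
}

/* Checked form: compare against the header total before subtracting. */
bool echo_payload_len_checked(size_t frame_len, size_t *payload_len)
{
    if (payload_len == NULL || frame_len < ECHO_HDRS_LEN) {
        return false; /* runt frame: caller must drop it */
    }
    *payload_len = frame_len - ECHO_HDRS_LEN;
    return true;
}

/* Hypothetical reply handler: sums payload bytes, or returns -1 on a dropped frame. */
long echo_reply_payload_sum(const uint8_t *frame, size_t frame_len)
{
    size_t n = 0;
    if (frame == NULL || !echo_payload_len_checked(frame_len, &n)) {
        return -1;
    }
    long sum = 0;
    for (size_t i = 0; i < n; i++) {
        sum += frame[ECHO_HDRS_LEN + i];
    }
    return sum;
}

int main(void)
{
    uint8_t frame[46] = {0}; /* constructed sample: 42 header bytes + 4 payload bytes */
    frame[42] = 1; frame[43] = 2; frame[44] = 3; frame[45] = 4;
    printf("unchecked(30)=%zu sum(46)=%ld sum(30)=%ld\n", echo_payload_len_unchecked(30),
           echo_reply_payload_sum(frame, sizeof frame), echo_reply_payload_sum(frame, 30));
    return 0;
}
```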

What This Means For You

  • If you run FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 with outgoing ping support enabled, review your exposure to this CWE-191 integer underflow and prioritize patching. Monitor vendor advisories for CVE-2026-7423 updates and patches.

🛡️ Detection Rules

1 detection rule auto-generated for this incident, mapped to MITRE ATT&CK.

Severity: high · Technique: T1499 · Tactic: Impact

FreeRTOS-Plus-TCP ICMP/ICMPv6 Integer Underflow DoS — CVE-2026-7423

Sigma YAML
title: FreeRTOS-Plus-TCP ICMP/ICMPv6 Integer Underflow DoS — CVE-2026-7423
id: scw-2026-04-29-ai-1
status: experimental
level: high
description: |
  This rule detects potential exploitation of CVE-2026-7423, an integer underflow vulnerability in FreeRTOS-Plus-TCP's ICMP and ICMPv6 echo reply handlers. The vulnerability allows an adjacent network user to cause a denial of service (device crash) by sending crafted ICMP/ICMPv6 echo requests that trigger an out-of-bounds read. This rule specifically looks for network traffic that could be indicative of such an attack, focusing on the source and destination IP addresses and ports involved in network communication, assuming a firewall log source that captures such events. The 'allow' action is a placeholder, as the specific log source might vary, but the presence of network traffic between adjacent IPs and ports is the key indicator for this vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-04-29
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7423/
tags:
  - attack.impact
  - attack.t1499
logsource:
  category: firewall
detection:
  selection:
    src_ip|exists: true
    dst_ip|exists: true
    dst_port|exists: true
    action|contains:
      - 'allow'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World

Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7423 | vulnerability | CVE-2026-7423 |
| CWE-191 | weakness | CWE-191 |

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 29, 2026 at 22:16 UTC
