Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.9
Debian Linux: Unauthenticated Remote Code Execution
DEBIAN-CVE-2026-8836
Summary
An unauthenticated attacker can execute arbitrary code on Debian Linux systems. This is a significant security risk, as it allows an attacker to take control of the system without needing a password. To protect your systems, apply the latest security patches as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Debian:11 | debian | lwip | All versions |
| Debian:12 | debian | lwip | All versions |
| Debian:13 | debian | lwip | All versions |
| Debian:14 | debian | lwip | All versions |
Original title
A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation ...
Original description
A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be initiated remotely. The patch is named 0c957ec03054eb6c8205e9c9d1d05d90ada3898c. It is suggested to install a patch to address this issue.
- https://security-tracker.debian.org/tracker/CVE-2026-8836 Vendor Advisory
Published: 18 May 2026 · Updated: 24 May 2026 · First seen: 18 May 2026