CVE-2026-13351

Zephyr’s IPv6 network stack is vulnerable to a denial-of-service caused by fragmented IPv6 packets. In the fragment-header processing path, the RX network packet buffer allocated from a memory slab is not released back to the pool after handling malicious fragments. Repeating such packets exhaust...

CVE-2026-13351 net: Maliciously fragmented IPv6 packets can prevent receiving/processing future incoming packets

Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragmented IPv6 packets. When such a packet is handled by the fragment-header processing path, the associated RX network packet buffer allocated from a memory...

CVE-2026-12760

The CVE-2026-12760 vulnerability affects TP-Link Tapo C200 (v3) in the network packet handling path. It arises from improper handling of IPv4 fragmented packets, allowing an unauthenticated adjacent attacker to send crafted fragments to cause excessive resource usage, leading to a temporary DoS c...

CVE-2026-12760 Denial-of-Service Vulnerability via Malformed IPv4 Fragmentation Handling in TP-Link Tapo C200

A denial-of-service DoS vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets. An unauthenticated adjacent attacker can send crafted packets to cause excessive resource consumption, leading to instability of the...

CVE-2026-52916

The CVE-2026-52916 issue affects the Linux kernel’s BATMAN-adv fragment handling. batadv_frag_skb_buffer() is invoked when a BATADV_UNICAST_FRAG packet is received, and after defragmentation, batadv_batman_skb_recv() processes the payload again. A malicious sender could craft a BATADV_UNICAST_FRA...

CVE-2026-52916

In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadvfragskbbuffer is called by batadvbatmanskbrecv when a BATADVUNICASTFRAG packet is received. Once all fragments are collected and the packet is reassembled,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virtio-net: A overflow occurred within the virtnetrqalloc function. When a fragment receives only one page, it may lead to regressions in the virtual machine. This issue is particularly significant if the sysctl...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mt76: mt7996 – Drop fragments with multicast or broadcast RA. IEEE 802.11 fragmentation can only be applied to unicast frames. Therefore, fragments are dropped during multicast or broadcast RA. This patch addresses...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loops when trying to resize the local TT. If the MTU of one of the attached interfaces becomes too small to transmit the local translation table, then it must be resized to fit within all fragments when...

EUVD-2026-37752

undici WebSocket client vulnerable to denial of service via cumulative fragment bypass...

Allocation of Resources Without Limits or Throttling

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of fragmented WebSocket messages. An attacker can cause unbounded memory growth and exhaust system...

SUSE CVE-2026-46340

Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping t...

CVE-2026-46340

Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping t...

CVE-2026-46323

In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...

Linux Distros Unpatched Vulnerability : CVE-2026-46321

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tun: free page on short-frame rejection in tunxdpone tunxdpone returns -EINVAL on a frame shorter than ETHHLEN without freeing the page that vhostnetbuildxdp...

PT-2026-47552

For each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping the previous accumulator and the new slice into a new CompositeByteBuf every time. After N fragments the accumulator is an N-deep chain of composites, each holding...

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter...

Linux Distros Unpatched Vulnerability : CVE-2026-45952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: Add validation for MTU changes Increasing the MTU beyond the HDS threshold cause...

New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"

State of AI Usage Report 2026 full report here by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure is actually coming from. The research shows that enterprise AI risk is not distributed evenly across...

SUSE CVE-2026-45952

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: Add validation for MTU changes Increasing the MTU beyond the HDS threshold causes the hardware to fragment packets across multiple buffers. If a single-buffer XDP program is attached, the driver will drop all multi-fr...