Aws · Freertos-Plus-Tcp · CVE-2026-7426
**Name of the Vulnerable Software and Affected Versions**
FreeRTOS-Plus-TCP versions prior to V4.2.6
FreeRTOS-Plus-TCP versions prior to V4.4.1
**Description**
Insufficient validation of the prefix length field during IPv6 Router Advertisement processing allows an adjacent network actor to cause memory corruption. By sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid length, a heap buffer overflow occurs. This issue does not impact users who only process IPv4 Router Advertisements.
**Recommendations**
Upgrade to version V4.2.6 or later.
Upgrade to version V4.4.1 or later.