CVE-2026-30873

Name of the Vulnerable Software and Affected Versions OpenWrt Project versions prior to 24.10.6 OpenWrt Project versions prior to 25.12.1

Description The OpenWrt Project, a Linux operating system for embedded devices, contains a memory leak in the jp get token function. This function handles lexical analysis by dividing input into tokens, specifically when processing string literals, field labels, and regular expressions using dynamic memory allocation. The issue occurs when memory allocated for extracted strings in a jp opcode struct is copied to a new jp opcode object via jp alloc op without freeing the original memory, leading to a memory leak.

Recommendations Update to OpenWrt Project version 24.10.6 or later. Update to OpenWrt Project version 25.12.1 or later.