PT-2026-40612 · Unknown · Openthread
Published: 2026-05-13 · Updated: 2026-05-13 · CVE-2026-8369
CVSS v4.0: 6.0 (Medium)
Vector: AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
OpenThread versions prior to commit 26a882d
Description
Improper input validation in the NAT64 translator allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 packets into the Thread mesh or bypass security checks by using crafted IPv4 packets with options. NAT64 is a mechanism that allows IPv6-only devices to communicate with IPv4-only devices by translating the packet headers.
Recommendations
Update OpenThread to commit 26a882d or a newer version.
Fix
RCE
Affected Products
Openthread