PT-2026-44885 · Shibby · Tomato

Cormac315

Published

2026-05-29

Updated

2026-05-29

CVE-2026-10066

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub 9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.

Fix

Buffer Overflow

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-121

Related Identifiers

CVE-2026-10066

Affected Products

Tomato

PT-2026-44885 · Shibby · Tomato

CVE-2026-10066

Weakness Enumeration

Related Identifiers

Affected Products

References · 5