CVE-2026-41682

EUVD-2026-28846
pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SRRF port confusion due to port truncation via atoi() cast in parse_uri(). This issue has been patched in version 1.18.5.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
GitHub_MCNA
6.9 MEDIUM
NETWORK
LOW
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
pupnp_projectpupnp
𝑥
< 1.18.5
CNA
Debian logo
Debian Releases
Debian Product
Codename
pupnp
forky
1:1.14.31-1
fixed
sid
1:1.14.31-1
fixed
trixie
no-dsa
Common Weakness Enumeration
References
https://github.com/pupnp/pupnp/commit/def5f9a2bc42f5b3d713e37c516fbe840ce54b7b
https://github.com/pupnp/pupnp/releases/tag/release-1.18.5
https://github.com/pupnp/pupnp/security/advisories/GHSA-q522-6w45-4j58