CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-14461

unknowncovered by 2 sourcesfirst seen 2026-07-02
mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME field. ipinfo_lookup() function uses the length of the response as the end-of-message boundary for dn_expand() function. The result is a reliable crash. This issue exists in the mtr through version 0.96 and it was fixed in commit 48e1794414d338ce47abc0f27c25ade8788af9c3.

CSIRTS triage

What
An out-of-bounds read vulnerability exists.
Who is affected
Users of mtr versions are affected.
Urgency
The urgency is unclear due to unknown severity.
Action
Monitor for updates regarding this vulnerability.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-14461

Get an email if CVE-2026-14461 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Advisory coverage (2)

External references

NVD record for CVE-2026-14461

CVE.org record

Embed the live status

CVE-2026-14461 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-14461 status](https://www.csirts.com/badge/CVE-2026-14461)](https://www.csirts.com/cve/CVE-2026-14461)