CVE-2026-41285

MEDIUM

OpenBSD < 7.8 - Denial of Service via Zero-Length ICMPv6 ND Option

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-41285. PoCs published by Rat5ak.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-41285, a DoS vulnerability in OpenBSD's slaacd and rad daemons. The exploit leverages an integer underflow in ND option parsing to trigger an infinite loop with a single crafted ICMPv6 packet.

Description

In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 - 2" expression with no preceding check for whether nd_opt_len is zero.

Exploits (1)

nomisec WORKING POC
by Rat5ak · poc
https://github.com/Rat5ak/CVE-2026-41285-OpenBSD-v6daemons-go-brrr

This repository contains a functional exploit for CVE-2026-41285, a DoS vulnerability in OpenBSD's slaacd and rad daemons. The exploit leverages an integer underflow in ND option parsing to trigger an infinite loop with a single crafted ICMPv6 packet.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: OpenBSD slaacd and rad (v7.8)
No auth needed
Prerequisites: Same L2 network segment as target · Scapy library · Root/raw socket privileges
devstral-2 · analyzed May 06, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 4.3
EPSS 0.0021
EPSS Percentile 11.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-1284 CWE-835
Status published
Products (2)
OpenBSD/OpenBSD < 7.8
openbsd/openbsd < 7.8
Published Apr 21, 2026
Tracked Since Apr 21, 2026