CVE-2026-41285: n/a
OpenBSD versions through 7. 8 contain a vulnerability in the slaacd and rad daemons where receiving a crafted ICMPv6 Neighbor Discovery option with zero length causes an infinite loop. This occurs due to a missing check for zero length before evaluating an expression involving the option length. The issue is triggered over a local network and can cause daemon malfunction.
AI Analysis
Technical Summary
CVE-2026-41285 affects OpenBSD through version 7.8 in the slaacd and rad daemons. When these daemons receive an ICMPv6 Neighbor Discovery option with a length of zero, they enter an infinite loop because the code evaluates the expression "nd_opt_len * 8 - 2" without first verifying that nd_opt_len is non-zero. This lack of validation leads to improper handling of malformed ND options, resulting in a denial of service condition on the affected daemons.
Potential Impact
The vulnerability causes the slaacd and rad daemons to enter an infinite loop upon receiving a crafted ICMPv6 Neighbor Discovery option with zero length. This can lead to denial of service by disrupting these network services on affected OpenBSD systems. There is no indication of remote code execution or privilege escalation. Exploitation requires local network access to send the crafted ICMPv6 packets.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, network administrators should consider limiting ICMPv6 Neighbor Discovery traffic from untrusted sources on local networks to reduce exposure. Monitor vendor channels for updates and apply patches once released.
CVE-2026-41285: n/a
Description
OpenBSD versions through 7. 8 contain a vulnerability in the slaacd and rad daemons where receiving a crafted ICMPv6 Neighbor Discovery option with zero length causes an infinite loop. This occurs due to a missing check for zero length before evaluating an expression involving the option length. The issue is triggered over a local network and can cause daemon malfunction.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-41285 affects OpenBSD through version 7.8 in the slaacd and rad daemons. When these daemons receive an ICMPv6 Neighbor Discovery option with a length of zero, they enter an infinite loop because the code evaluates the expression "nd_opt_len * 8 - 2" without first verifying that nd_opt_len is non-zero. This lack of validation leads to improper handling of malformed ND options, resulting in a denial of service condition on the affected daemons.
Potential Impact
The vulnerability causes the slaacd and rad daemons to enter an infinite loop upon receiving a crafted ICMPv6 Neighbor Discovery option with zero length. This can lead to denial of service by disrupting these network services on affected OpenBSD systems. There is no indication of remote code execution or privilege escalation. Exploitation requires local network access to send the crafted ICMPv6 packets.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, network administrators should consider limiting ICMPv6 Neighbor Discovery traffic from untrusted sources on local networks to reduce exposure. Monitor vendor channels for updates and apply patches once released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-04-20T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e6b73b19fe3cd2cd3f2d24
Added to database: 4/20/2026, 11:31:07 PM
Last enriched: 4/20/2026, 11:46:24 PM
Last updated: 4/21/2026, 1:44:46 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.