Improper Input Validation in OpenThread NAT64 Translator_CVE-2026-8369

6 / 10

MEDIUM

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Description

Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 packets into the Thread mesh or bypass security checks via crafted IPv4 packets with options.

Basic Information

ID CVE-2026-8369

Source Google

Published May 13, 2026 at 13:36

Modified May 13, 2026 at 14:46

Affected Product

Vendor The OpenThread Authors

Product OpenThread

Version commit 26a882d

Affected Versions The OpenThread Authors OpenThread commit 26a882d

CWE Classification

CWE-20

References

github.com /openthread/openthread/pull/12818

{
    "lastseen": "",
    "description": "Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 packets into the Thread mesh or bypass security checks via crafted IPv4 packets with options.",
    "published": "2026-05-13T13:36:09.523Z",
    "modified": "2026-05-13T14:46:46.709Z",
    "type": "cve",
    "title": "Improper Input Validation in OpenThread NAT64 Translator",
    "source": "Google",
    "references": "https://github.com/openthread/openthread/pull/12818",
    "id": "CVE-2026-8369",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "The OpenThread Authors OpenThread commit 26a882d",
    "sourceHref": "",
    "cvss": {
        "score": 6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenThread",
    "version": "commit 26a882d",
    "vendor": "The OpenThread Authors",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}