Browse all 10 CVE security advisories affecting OpenWRT. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OpenWRT serves as a Linux-based firmware alternative for embedded networking devices, primarily used to extend router functionality and custom networking solutions. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from web interface components and default configurations. The project maintains a relatively low CVE count compared to commercial alternatives, with current vulnerabilities primarily affecting specific packages rather than the core system. While no major security incidents have been widely documented, the project's open nature allows for rapid vulnerability identification and patching, though users must remain vigilant with updates to mitigate risks associated with third-party package installations.

| CVE ID | Title | Vendor | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-30874 | OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation | openwrt | CWE-187 | 8.8 | - | 2026-03-19 |
| CVE-2026-30873 | OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens | openwrt | CWE-401 | 7.5 | - | 2026-03-19 |
| CVE-2026-30872 | OpenWrt Project has a Stack-based Buffer Overflow vulnerability via IPv6 reverse DNS lookup | openwrt | CWE-121 | 10.0 | - | 2026-03-19 |
| CVE-2026-30871 | OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query | openwrt | CWE-121 | 10.0 | - | 2026-03-19 |
| CVE-2025-62526 | OpenWrt ubusd vulnerable to heap buffer overflow | openwrt | CWE-122 | 7.9 | High | 2025-10-22 |
| CVE-2025-62525 | OpenWrt vulnerable to local privilege escalation | openwrt | CWE-20 | 7.9 | High | 2025-10-22 |
| CVE-2019-5102 | OpenWrt trust management issue vulnerability | OpenWRT | CWE-295 | 4.0 | Medium | 2019-11-18 |
| CVE-2019-5101 | OpenWrt trust management issue vulnerability | OpenWRT | CWE-295 | 4.0 | Medium | 2019-11-18 |

This page lists every published CVE security advisory associated with OpenWRT. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.