NVD CRITICAL: CVE-2026-8836 — A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_par...

Monday, May 18, 2026 at 07:16 PM UTC·Source: NIST NVD

Updated: Monday, May 18, 2026 at 08:00 PM UTC

Executive Summary

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be initiated remotely. The patch is named 0c957ec03054eb6c8205e9c9d1d05d90ada3898c. It is suggested to i

Analysis

Indicators of Compromise (2)

SHA-1 (1)

0c957ec03054eb6c8205e9c9d1d05d90ada3898c

VirusTotal AnyRun Joe Sandbox

CVE (1)

CVE-2026-8836

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 18, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

More than 200 arrested in cyber raids aimed at Middle East scam networks

Investigators found hundreds of compromised devices that were used as part of the cybercriminal operation and notified device owners as part of the raids.

9m agoThe Record

CRITICALVulnerabilityNEW

Microsoft May security patch fails for some due to boot partition size glitch

“Something didn’t go as planned. Undoing changes.” That’s all the clue some Windows 11 users will get when Microsoft’s May Security Update fails to install because of insufficient free space on the EFI System Partition (ESP), leaving their systems unprotected by the dozens of patches it contained. This issue affects devices with limited free space available — typically 10MB or less — on the ESP. “

50m agoCSO Online

MEDIUMVulnerability

Shai-Hulud Worm Clones Spread After Code Release

The release of Shai-Hulud source code spells trouble for software developers as researchers worry the self-replicating worm could scale.

1h agoDark Reading