CVE-2026-7068

High

Published: 27 April 2026

Modified: 29 April 2026
CVSS Score v4: 7.4 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0187 (76.8th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

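CVE-2026-7068 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. The affected-asset label "Notion" is inferred from references; the vulnerability description identifies D-Link DIR-825 firmware 3.00b32 as the affected product. Its CVSS v4 base score is 7.4 (High).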

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks in the top 23.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-7068 is a stack-based buffer overflow vulnerability in the NMBD_process function within the sserver.c file of the nmbd component on D-Link DIR-825 routers running firmware version 3.00b32. This flaw, associated with CWE-119 and CWE-120, allows remote attackers to trigger the overflow by sending specially crafted packets to the NetBIOS Name Service. The vulnerability carries a CVSS v3.1 base score of 8.8, reflecting its high severity due to the potential for significant impact.

Attackers on the adjacent network (AV:A) can exploit this vulnerability without authentication (PR:N) or user interaction (UI:N), leading to high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). Successful exploitation could enable arbitrary code execution, potentially allowing full compromise of the affected router, such as data theft, modification of configurations, or denial of service.

Advisories from sources like VULDB and a detailed Notion page confirm the exploit is publicly available and note that only end-of-support D-Link DIR-825 devices are affected, with no patches or updates provided by the vendor. The official D-Link website provides general product information but no specific mitigation for this issue.

The public availability of the exploit increases the risk of real-world abuse against legacy, unsupported routers still in use on local networks.

Vulnerability details

A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

A stack-based buffer overflow in the NetBIOS Name Service (nmbd) on the router allows remote, unauthenticated arbitrary code execution from the adjacent network, directly enabling exploitation of remote services.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-7913: shared CWE-119, CWE-120
CVE-2026-7069: shared CWE-119, CWE-120
CVE-2024-54887: shared CWE-120
CVE-2025-53888: shared CWE-120
CVE-2025-12618: shared CWE-119, CWE-120
CVE-2025-9023: shared CWE-119, CWE-120
CVE-2024-23968: shared CWE-120
CVE-2026-22627: shared CWE-120
CVE-2025-8170: shared CWE-119, CWE-120
CVE-2025-12240: shared CWE-119, CWE-120

Affected Assets

Notion (inferred from references and description; NVD did not file a CPE for this CVE). The vulnerability description names D-Link DIR-825 firmware 3.00b32 as the affected product.

Mitigating Controls (NIST 800-53 r5) (AI)

prevent: Prohibits use of end-of-support system components like the vulnerable D-Link DIR-825 firmware 3.00b32, directly preventing deployment of unpatchable devices.

prevent: Requires timely remediation of identified flaws such as this buffer overflow, mandating replacement or isolation of affected unsupported routers since no vendor patch exists.

prevent: Enforces boundary protection to monitor and control network traffic, blocking specially crafted NetBIOS packets from adjacent network attackers targeting the nmbd service.
