CVE-2026-7069

High

Published: 27 April 2026

Published

27 April 2026

Modified

29 April 2026

KEV Added

—

Patch

—

CVSS Score 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0007 21.0th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7069 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Notion (inferred from references). Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 21.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SA-22 Unsupported System Components good match

prevent

Prohibits the use of unsupported system components like the end-of-life D-Link DIR-825 routers affected by this vulnerability.

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and remediation of flaws such as this buffer overflow, including replacement of unpatchable EOL devices.

SI-10 Information Input Validation good match

prevent

Mandates validation of information inputs like NewPortMappingDescription to prevent buffer overflows in the miniupnpd component.

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

Why these techniques?

Buffer overflow in miniupnpd UPnP AddPortMapping function allows RCE from adjacent network on the router, directly enabling exploitation of remote services.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to…

be approached within the local network. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

Deeper analysisAI

CVE-2026-7069 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting D-Link DIR-825 routers with firmware versions up to 3.00b32. The flaw resides in the AddPortMapping function within the upnpsoap.c file of the miniupnpd component, where manipulation of the NewPortMappingDescription argument triggers the overflow.

Attackers on the adjacent network (AV:A) with low privileges (PR:L) can exploit this without user interaction (UI:N), earning a CVSS v3.1 base score of 8.0 (High) due to high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). Successful exploitation could allow arbitrary code execution, potentially leading to full device compromise.

The vulnerability impacts products no longer supported by the maintainer, so no official patches or mitigations are available from advisories. References from VulDB and a Notion proof-of-concept detail the issue, while D-Link's site provides general product information; practitioners should isolate or retire affected devices. An exploit has been publicly released.