CVE-2026-7668
Published: 02 May 2026
Summary
CVE-2026-7668 is an Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. The summary score carried here is a CVSS base score of 5.5 (Medium); note that the CVSS v3.1 vector given in the deeper analysis below (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) computes to 7.3 (High), so the stated severity depends on which scoring source is used.
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability sits at the 17.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-7668 is an out-of-bounds read vulnerability in MikroTik RouterOS version 6.49.8. It affects the ASN1_STRING_data function in the nova/lib/www/scep.p library of the SCEP Endpoint component, triggered by manipulation of the transactionID or messageType arguments.
The vulnerability is exploitable remotely over the network with low attack complexity, no privileges and no user interaction required, per its CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (base score 7.3). Impact on confidentiality, integrity and availability is rated low for each; as an out-of-bounds read, the realistic outcomes are disclosure of adjacent process memory or a crash of the affected service rather than code execution. A public exploit is available and might be used.
Advisories referenced in VulDB entries (vuln/360804 and related pages) and a GitHub issue detail the vulnerability and note that the vendor was contacted early but did not respond, so no vendor-published patch or mitigation guidance accompanied the disclosure on 2026-05-02. The vulnerability-details text on this page does, however, quote a vendor recommendation to run the latest v6.x or 7.x RouterOS release, where the issue is expected to be fixed; upgrading is therefore the available remediation.
Exploitation is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-125 (Out-of-bounds Read), with potential for real-world use given the public exploit.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26801
Vulnerability details
A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated remotely. The exploit is publicly available and might be used. You should upgrade the affected component. The vendor recommends to "use the latest v6.x or 7.x MikroTik RouterOS version, the reported issue should be fixed there."
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an unauthenticated remote out-of-bounds read in the publicly accessible SCEP endpoint of MikroTik RouterOS, directly enabling exploitation of a public-facing application as described in T1190.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely application of vendor patches or upgrades to eliminate the vulnerable ASN1_STRING_data code path in RouterOS SCEP.
- SI-10 (Information Input Validation): enforces validation of untrusted inputs (transactionID/messageType) before they reach ASN1_STRING_data, blocking the out-of-bounds read trigger.
- Network access restriction: restricts network access to the exposed SCEP endpoint, reducing the remote attack surface for the publicly disclosed exploit.
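The following is an added operator-side example, not code from the advisory or from MikroTik, showing how the controls above translate to the RouterOS CLI: confirming the running version, applying the upgrade the vendor recommends, and restricting the www service (which serves the SCEP endpoint over TCP/80) so that it is no longer reachable from untrusted networks. The management subnet 192.168.88.0/24 and the interface list name WAN are assumptions; substitute your own before pasting.

```routeros
# Added example for CVE-2026-7668 mitigation on RouterOS; not vendor-supplied.
# Assumptions: management hosts live in 192.168.88.0/24 and WAN-facing
# interfaces are members of the interface list named "WAN".

# 1. Identify the running version. 6.49.8 is the affected release named in
#    the advisory; anything older has not been assessed on this page.
/system resource print

# 2. SI-2 (Flaw Remediation): move to the latest 6.x or 7.x release, as the
#    vendor recommends. check-for-updates stays on the configured channel.
/system package update check-for-updates
/system package update install

# 3. Decide whether the SCEP server is needed at all. If nothing is listed
#    here, the endpoint serves no purpose and www can be disabled outright.
/certificate scep-server print

# 4. Network access restriction: limit the www service to the management
#    subnet. Requests from any other source are refused by the service.
/ip service set www address=192.168.88.0/24

# 5. Defence in depth: drop inbound TCP/80 arriving on WAN interfaces before
#    it reaches the www service. place-before=0 puts the rule at the top of
#    the input chain so it precedes any broader accept rules.
/ip firewall filter add chain=input in-interface-list=WAN protocol=tcp \
    dst-port=80 action=drop place-before=0 \
    comment="CVE-2026-7668: block remote reach to www/SCEP endpoint"

# 6. If SCEP is unused, remove the exposure entirely instead of fencing it.
/ip service disable www

# 7. Verify: the www service should show the address restriction and the
#    drop rule should be first in the input chain.
/ip service print
/ip firewall filter print where chain=input
```

Restricting or disabling www also affects WebFig on the same port, so administer the device over WinBox or SSH from the management subnet while the change is in place. The address restriction in step 4 is the primary control; the firewall rule in step 5 covers the case where the service setting is later widened by mistake.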