CVE-2026-7684
Published: 03 May 2026
Summary
CVE-2026-7684 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Notion (inferred from references). Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 38.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-7684 is a buffer overflow vulnerability (CWE-119, CWE-120) in the Edimax BR-6428nC router, affecting versions up to 1.16. The flaw impacts an unknown function in the /goform/setWAN file, triggered by manipulation of the pptpDfGateway argument.
Attackers with low privileges can exploit this remotely over the network with low complexity and no user interaction required, as indicated by the CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, likely resulting in remote code execution.
Advisories from VulDB and a public disclosure on a Notion site note that the vendor was contacted early but provided no response or patch. The exploit code has been publicly released, increasing the risk of active exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26822
Vulnerability details
A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in the exposed /goform/setWAN web interface of the router directly enables remote exploitation of a public-facing application for initial access and RCE.
Mitigating Controls (NIST 800-53 r5)
- Requires validation and sanitization of the pptpDfGateway input to the /goform/setWAN function to prevent buffer overflow exploitation.
- Implements memory protections like ASLR and DEP to mitigate remote code execution from buffer overflows even if input validation fails.
- Mandates timely remediation of identified flaws such as CVE-2026-7684 through patching or compensatory controls given the vendor's lack of response.
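
An added example, not taken from the advisory or from the vendor's firmware: one way a request handler could apply the input validation described above before storing a gateway value in a fixed-size buffer. The function name, the buffer size and the assumption that pptpDfGateway carries a dotted-quad IPv4 address are illustrative; the page does not show the actual /goform/setWAN code.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#define GW_BUF_LEN INET_ADDRSTRLEN /* 16: "255.255.255.255" plus NUL */

/* Hypothetical helper (not vendor code): validate an untrusted gateway
 * string, then store it in a fixed-size buffer. Returns 0 if accepted,
 * -1 if rejected; on rejection out is an empty string. */
int set_gateway_checked(const char *input, char out[GW_BUF_LEN])
{
    struct in_addr addr;

    out[0] = '\0';
    if (input == NULL || input[0] == '\0')
        return -1;

    /* Length check first, with a bounded scan: if no NUL appears within
     * GW_BUF_LEN bytes, the value cannot fit and is rejected uncopied. */
    if (memchr(input, '\0', GW_BUF_LEN) == NULL)
        return -1;

    /* Allow-list the syntax: strict dotted-quad IPv4, nothing trailing. */
    if (inet_pton(AF_INET, input, &addr) != 1)
        return -1;

    /* Store the canonical text rebuilt from the parsed address, so the
     * caller's bytes never reach the destination buffer directly. */
    if (inet_ntop(AF_INET, &addr, out, GW_BUF_LEN) == NULL) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const char *samples[] = { "192.168.1.1", "10.0.0.300", "10.0.0.1x",
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };
    char gw[GW_BUF_LEN];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = set_gateway_checked(samples[i], gw);
        printf("len=%zu -> %s\n", strlen(samples[i]),
               rc == 0 ? gw : "rejected");
    }
    return 0;
}
```

The ordering is the point: the length bound is enforced before any parsing or copying, and only the re-serialized address is written to the destination.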