CVE-2026-7856
Published: 05 May 2026
Summary
CVE-2026-7856 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Dlink Di-8100 Firmware. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 49.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-7856 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting the D-Link DI-8100 router on firmware version 16.07.26A1. The issue lies in an unknown part of the /url_member.asp file within the Web Management Interface, where manipulation of the "Name" argument triggers the overflow. Published on 2026-05-05, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation by attackers who possess high privileges, such as administrative access to the Web Management Interface. No user interaction is required, and low attack complexity allows a privileged remote attacker to achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution or system crashes via the buffer overflow.
Advisories referenced in VulDB entries and a GitHub report detail the flaw and include a published exploit that may be used. The D-Link website is also listed as a reference source. No specific patches or mitigations are mentioned in the available details, so practitioners should monitor vendor channels for firmware updates and restrict administrative access to the Web Management Interface.
The exploit's public availability on GitHub heightens the risk for unpatched D-Link DI-8100 devices.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-27486
Vulnerability details
A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. The attack can be…
more
launched remotely. The exploit has been published and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow RCE in authenticated web management interface directly enables T1190 (exploiting the exposed router web app) and T1059.004 (arbitrary command execution on embedded Linux via Unix shell).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces validation of the Name argument in /url_member.asp to block the buffer overflow before it occurs.
Limits the number of accounts holding the high privileges required to reach and exploit the web-management flaw.
Requires timely application of vendor firmware patches that eliminate the published buffer-overflow vulnerability.