CVE-2026-9054
Published: 22 May 2026
Summary
CVE-2026-9054 is a critical-severity Improper Handling of Length Parameter Inconsistency (CWE-130) vulnerability in 9Front (inferred from references). Its CVSS base score is 9.2 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 20.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-31403
Vulnerability details
An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Malformed packet handling triggers kernel panic, directly enabling Endpoint DoS via system exploitation.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.