Back to overview

CVE-2026-15422

CRITICAL
9.1
CVSS 4.0
Description
The illumos SCTP inbound path performs association lookup for INIT ACK chunks without adequately validating the address parameters carried in the chunk. Since this lookup runs during packet classification (i.e. before SCTP integrity checks or IPsec policy are applied) a remote, unauthenticated attacker can send a crafted SCTP INIT ACK packet with malformed address parameters to cause an out-of-bounds access and kernel heap corruption, which may lead to remote code execution. The flaw has existed since 2010 (illumos-gate commit a5407c02), and affects any illumos distribution prior to illumos-gate commit 53a3efde.

Metadata

CVE ID
CVE-2026-15422
State
PUBLISHED
Assigner
illumos
Reserved
2026-07-10 15:20 UTC
Published
2026-07-16 19:29 UTC
Last updated
2026-07-16 19:29 UTC
Primary CWE
CWE-122
CWE-122 Heap-based buffer overflow
Vendor / Product
illumos / illumos-gate
Sources
cve.org  ·  NVD

Severity & Metrics

9.1 CRITICAL CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/S:P/AU:Y/R:U/V:C/RE:H/U:Red
Affected products (3)
VendorProductPlatformVersions
illumos illumos-gate a5407c02d5ed61b29481b9b71f1307d7ebec9e5c < 53a3efdeff8e6745bbfb69c5360f94962fb79e75
OmniOS OmniOS r151058 < r151058j, r151056 < r151056aj, r151054 < r151054bj, any < r151054
Triton Data Center SmartOS any < 202060709
Weakness (CWE)
CWESourceDescription
CWE-122 cna CWE-122 Heap-based buffer overflow
CWE-787 cna CWE-787 Out-of-bounds write
CVSS scores (1)
ScoreSeverityVersionSourceVector
9.1 CRITICAL 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/S:P/AU:Y/R:U/V:C/RE:H/U:Red
Back to overview