Description
WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Attackers can create a specially crafted input file with 238 bytes of data to trigger a buffer overflow condition that causes the application to crash.
Published: 2026-05-30
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

WinMTR version 0.91 contains a buffer overflow vulnerability in its file‑injection logic. By supplying a specially crafted input file with 238 bytes of repeated characters, an attacker can trigger an overflow that causes the application to crash. The result is a denial of service, limiting the user’s ability to perform network diagnostics, but no remote code execution or data compromise is possible with this flaw.

Affected Systems

The vulnerability affects the WinMTR application, specifically version 0.91. No other versions or variants are listed as impacted.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity risk. The EPSS value is not available, and the flaw is not listed in the CISA KEV catalog, suggesting no known widespread exploitation. The likely attack vector is through the ingestion of a malicious payload file, implying that an attacker would need to supply the file locally or arrange for a victim to open it. Once the exploit is executed, the application will terminate, potentially disrupting network monitoring services.

Generated by OpenCVE AI on May 30, 2026 at 16:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WinMTR to the latest version that patches the buffer overflow if one is available
  • If an upgrade is not possible, restrict or disable WinMTR usage to prevent accidental execution of the vulnerable file
  • Deploy application whitelisting or sandboxing to prevent accidental execution of malicious input files

Generated by OpenCVE AI on May 30, 2026 at 16:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 30 May 2026 15:30:00 +0000

Type Values Removed Values Added
Description WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Attackers can create a specially crafted input file with 238 bytes of data to trigger a buffer overflow condition that causes the application to crash.
Title WinMTR 0.91 Denial of Service via Buffer Overflow
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-30T14:55:29.422Z

Reserved: 2026-05-30T14:44:38.854Z

Link: CVE-2018-25426

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-30T16:17:03.993

Modified: 2026-05-30T16:17:03.993

Link: CVE-2018-25426

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-30T16:30:27Z

Weaknesses