Description
Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection mechanism skips all input validation for packets whose source MAC matches a local endpoint.

To mitigate this issue, users should upgrade to the fixed version when available.
Published: 2026-04-29
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

FreeRTOS-Plus-TCP's loopback detection treats any received frame whose Ethernet source MAC matches one of the device's own registered endpoints as locally originated and skips checksum and minimum-size validation for it. An adjacent attacker who spoofs that source MAC therefore gets crafted frames into the stack's input path that would otherwise be discarded. The CVSS vectors assigned to this CVE rate the impact as high on integrity (VI:H in v4.0, I:H in v3.1) with none on confidentiality or availability, so the concern is acceptance of forged or corrupted packet contents rather than a crash.

Affected Systems

FreeRTOS-Plus-TCP versions before V4.2.6 and before V4.4.1 are affected, in both the IPv4 and IPv6 receive paths per the CVE title. Any build carrying the pre-fix loopback-detection logic is affected.

Risk and Exploitability

The CVSS v4.0 score of 7.1 (High) and the CVSS v3.1 score of 6.5 (Medium) both carry AV:A: the attacker must be on the same link (adjacent network), not remote across the Internet. No privileges or user interaction are required (PR:N/UI:N) and attack complexity is low. EPSS data is unavailable, the vulnerability is not listed in CISA's KEV catalog, and the SSVC assessment records Exploitation: none, Automatable: no, Technical Impact: partial. The weakness is classified as CWE-290 (Authentication Bypass by Spoofing). The bypass itself only lets otherwise-rejected frames reach the stack; its practical impact depends on what downstream processing does with them and could compound with other bugs in the stack.

Generated by OpenCVE AI on April 30, 2026 at 03:54 UTC.

Remediation

The CVE description directs users to upgrade to the fixed versions (V4.2.6 / V4.4.1) when available; no separate vendor workaround is listed.

OpenCVE Recommended Actions

  • Upgrade to a fixed FreeRTOS-Plus-TCP release, V4.2.6 or V4.4.1 as applicable, once the vendor has published it.
  • Until then, restrict which hosts share a Layer 2 segment with the device. A plain MAC allowlist does not help here, because the spoofed source address is the device's own MAC; the relevant control is switch-side port security that binds the device's MAC to its port and drops frames carrying that source MAC on any other port.
  • Monitor the segment for frames whose source MAC equals a device's own MAC but that arrive from another port, and for bursts of malformed or bad-checksum packets; either is a direct indicator of this attack.

Generated by OpenCVE AI on April 30, 2026 at 03:54 UTC.
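The flaw pattern in the description and the detection signal in the recommended actions, as an added illustrative example in C (not FreeRTOS-Plus-TCP code; every identifier, the MAC addresses and the sample frame are constructed here): a receive gate that short-circuits validation when the source MAC matches a local endpoint, beside a hardened gate that validates every frame unconditionally and reports a local source MAC seen on the receive path as suspected spoofing.

```c
/* Illustrative receive gate for Ethernet/IPv4 frames: the flawed "loopback
 * short-circuit" shape beside a hardened one. Added example, not
 * FreeRTOS-Plus-TCP code; no identifier here is the project's own. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN      14
#define IPV4_MIN_HDR_LEN 20
#define ETHTYPE_IPV4     0x0800

/* Constructed addresses: the device's own endpoint MAC and a peer on the link. */
static const uint8_t local_mac[6] = {0x02, 0x00, 0x00, 0xAA, 0xBB, 0xCC};
static const uint8_t peer_mac[6]  = {0x02, 0x00, 0x00, 0x11, 0x22, 0x33};

/* RFC 1071 one's-complement sum over the IPv4 header; yields 0 when the header,
 * checksum field included, is intact. */
static uint16_t ipv4_header_checksum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)((hdr[i] << 8) | hdr[i + 1]);
    if (len & 1) sum += (uint32_t)hdr[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

static bool src_mac_is_local(const uint8_t *frame)
{
    return memcmp(frame + 6, local_mac, 6) == 0;
}

/* Full validation: minimum size, EtherType, version/IHL, total length, checksum. */
static bool validate_ipv4_frame(const uint8_t *frame, size_t len)
{
    if (len < ETH_HDR_LEN + IPV4_MIN_HDR_LEN) return false;
    if (((frame[12] << 8) | frame[13]) != ETHTYPE_IPV4) return false;
    const uint8_t *ip = frame + ETH_HDR_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if ((ip[0] >> 4) != 4 || ihl < IPV4_MIN_HDR_LEN || ETH_HDR_LEN + ihl > len) return false;
    size_t total = (size_t)((ip[2] << 8) | ip[3]);
    if (total < ihl || ETH_HDR_LEN + total > len) return false;
    return ipv4_header_checksum(ip, ihl) == 0;
}

/* Flawed shape described by CVE-2026-7422: a source MAC equal to a local endpoint is
 * read as "our own looped-back frame" and every check is skipped. */
bool accept_frame_flawed(const uint8_t *frame, size_t len)
{
    if (len >= ETH_HDR_LEN && src_mac_is_local(frame)) return true; /* BUG: spoofable */
    return validate_ipv4_frame(frame, len);
}

/* Hardened shape: every received frame is validated; a local source MAC arriving
 * on the receive path is reported as suspected spoofing instead of being trusted. */
bool accept_frame_hardened(const uint8_t *frame, size_t len, bool *spoof_suspected)
{
    *spoof_suspected = (len >= ETH_HDR_LEN) && src_mac_is_local(frame);
    return validate_ipv4_frame(frame, len);
}

/* Constructed sample frame: Ethernet + minimal IPv4 header, no payload. */
size_t build_sample_frame(uint8_t *buf, bool spoof_local_src, bool corrupt_checksum)
{
    memset(buf, 0, ETH_HDR_LEN + IPV4_MIN_HDR_LEN);
    memcpy(buf, local_mac, 6);                                   /* dst: the device    */
    memcpy(buf + 6, spoof_local_src ? local_mac : peer_mac, 6);  /* src: peer or spoof */
    buf[12] = 0x08; buf[13] = 0x00;                              /* EtherType IPv4     */
    uint8_t *ip = buf + ETH_HDR_LEN;
    ip[0] = 0x45; ip[3] = IPV4_MIN_HDR_LEN; ip[8] = 64; ip[9] = 1; /* v4/IHL 5, len, TTL, ICMP */
    uint16_t csum = ipv4_header_checksum(ip, IPV4_MIN_HDR_LEN);
    ip[10] = (uint8_t)(csum >> 8); ip[11] = (uint8_t)csum;
    if (corrupt_checksum) ip[10] ^= 0x01;   /* one flipped bit: header no longer verifies */
    return ETH_HDR_LEN + IPV4_MIN_HDR_LEN;
}

/* One scenario through the chosen gate; truncate_to > 0 shortens the frame (a
 * below-minimum-size packet). Returns whether the gate accepted it. */
bool run_scenario(bool spoof_local_src, bool corrupt_checksum, size_t truncate_to, bool hardened)
{
    uint8_t frame[ETH_HDR_LEN + IPV4_MIN_HDR_LEN];
    bool spoof_flag;
    size_t n = build_sample_frame(frame, spoof_local_src, corrupt_checksum);
    if (truncate_to && truncate_to < n) n = truncate_to;
    return hardened ? accept_frame_hardened(frame, n, &spoof_flag) : accept_frame_flawed(frame, n);
}

/* Whether the hardened gate flags the sample's source MAC as the device's own. */
bool scenario_flags_spoof(bool spoof_local_src)
{
    uint8_t frame[ETH_HDR_LEN + IPV4_MIN_HDR_LEN];
    bool spoof_flag;
    size_t n = build_sample_frame(frame, spoof_local_src, false);
    (void)accept_frame_hardened(frame, n, &spoof_flag);
    return spoof_flag;
}
```

With a spoofed local source MAC, the flawed gate accepts both a frame with a corrupted IPv4 header checksum and a frame truncated below the minimum size, while the hardened gate rejects both and raises the spoof flag. The design point is that a frame's own header can never prove it was self-originated; if a stack needs to recognise looped-back traffic, it should do so by the path the frame arrived on (a loopback queue or driver flag), and validation should run regardless.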

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 19:15:00 +0000

Type    | Values Removed | Values Added
Metrics | (none)         | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 29 Apr 2026 19:00:00 +0000

Type        | Values Removed | Values Added
Description | (none)         | Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection mechanism skips all input validation for packets whose source MAC matches a local endpoint. To mitigate this issue, users should upgrade to the fixed version when available.
Title       | (none)         | MAC Address Validation Bypass in FreeRTOS-Plus-TCP IPv4 and IPv6 Packet Processing
Weaknesses  | (none)         | CWE-290
References  | (none)         | (none listed)
Metrics     | (none)         | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}
Metrics     | (none)         | cvssV4_0: {'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: AMZN

Published:

Updated: 2026-04-29T19:07:31.899Z

Reserved: 2026-04-29T14:27:48.592Z

Link: CVE-2026-7422

Vulnrichment

Updated: 2026-04-29T19:07:28.207Z

NVD

Status: Received

Published: 2026-04-29T19:16:26.487

Modified: 2026-04-29T19:16:26.487

Link: CVE-2026-7422

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T04:00:15Z

Weaknesses