MITRE assigned CVE-2026-58374 with a CVSS score of 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
--
Abhinav

On Mon, Jun 29, 2026 at 7:50 PM Abhinav Agarwal <[email protected]> wrote:
>
> A Wi-Fi 7 / IEEE 802.11be MLD parsing issue in hostapd AP mode has
> been fixed upstream:
>
> https://w1.fi/security/2026-1/missing-ml-parsing-validation.txt
>
> Issue:
> Missing link ID validation in hostapd_process_ml_assoc_req()
> (src/ap/ieee802_11_eht.c). link_id is masked with 0x000f
> (values 0-15), but links[] only has valid entries 0..14
> (MAX_NUM_MLD_LINKS=15). A crafted Per-STA Profile with
> link_id=15 can write past the end of links[] during association
> processing.
>
> This is reachable before the 4-way handshake; no credentials are
> required. An attacker within radio range can trigger it with a
> crafted association request.
>
> Affected:
> hostapd v2.11 and newer repository snapshots before v2.12, built
> with CONFIG_IEEE80211BE and running Wi-Fi 7 / MLD AP configuration.
>
> Impact:
> hostapd process termination / denial of service, and small memory
> corruption, per the upstream advisory.
>
> Fix:
>
> https://git.w1.fi/cgit/hostap/commit/?id=46dd5a4ffc9bcf44cf8fc45120b3e1e5ec922187
>
> Additional related fixes are listed in the upstream advisory.
>
> Mitigation:
> Update to hostapd v2.12 or newer once available, or apply the
> upstream fixes and rebuild.
>
> CVE status:
> CVE assignment requested from MITRE under CAN-2026-2032030
>
> Credit:
> The upstream advisory credits Sebastián Alba Vives, with independent
> discovery and report by Abhinav Agarwal.
>
> Timeline:
> 2026-05-14 reported to upstream
> 2026-06-05 upstream published security advisory
>
> --
> Abhinav Agarwal
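
The range check the advisory describes as missing, shown as an added example that is not part of the original message and is not hostapd's code. The struct names, the function name and the simplified subelement layout (id, length, 2-byte STA Control, 6-byte address) are assumptions; only the 0x000f mask and MAX_NUM_MLD_LINKS=15 come from the advisory text.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NUM_MLD_LINKS 15  /* array size given in the advisory */
#define LINK_ID_MASK 0x000f   /* mask given in the advisory: yields 0..15 */
#define PER_STA_PROFILE 0     /* subelement ID in this simplified layout */

struct link_slot { uint8_t valid; uint8_t addr[6]; };            /* hypothetical */
struct mld_state { struct link_slot links[MAX_NUM_MLD_LINKS]; }; /* hypothetical */

/* Constructed inputs: id, len, STA Control (little endian), 6-byte address. */
static const uint8_t sample_link14[] = { 0, 8, 0x0e, 0x00, 2, 0, 0, 0, 0, 1 };
static const uint8_t sample_link15[] = { 0, 8, 0x0f, 0x00, 2, 0, 0, 0, 0, 2 };

/* Walks id(1) len(1) body(len) subelements. Returns the number of links
 * recorded, or -1 as soon as one subelement is malformed or out of range. */
int parse_per_sta_profiles(struct mld_state *st, const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    int count = 0;

    memset(st, 0, sizeof(*st));
    while (pos < len) {
        if (len - pos < 2)
            return -1;                    /* truncated subelement header */
        uint8_t id = buf[pos], slen = buf[pos + 1];
        const uint8_t *body = buf + pos + 2;
        if (slen > len - pos - 2)
            return -1;                    /* body runs past the buffer */
        pos += 2 + (size_t)slen;
        if (id != PER_STA_PROFILE)
            continue;                     /* other subelements are skipped */
        if (slen < 2 + 6)
            return -1;                    /* no room for control + address */
        unsigned int link_id = (body[0] | (body[1] << 8)) & LINK_ID_MASK;
        if (link_id >= MAX_NUM_MLD_LINKS)
            return -1;                    /* 15 passes the mask but not links[] */
        st->links[link_id].valid = 1;
        memcpy(st->links[link_id].addr, body + 2, 6);
        count++;
    }
    return count;
}

int main(void)
{
    struct mld_state st;
    printf("link 14: %d\n", parse_per_sta_profiles(&st, sample_link14, sizeof(sample_link14)));
    printf("link 15: %d\n", parse_per_sta_profiles(&st, sample_link15, sizeof(sample_link15)));
    return 0;
}
```

The point of the comparison against MAX_NUM_MLD_LINKS is that a 4-bit mask bounds the value to 16 slots while the array holds 15, so the mask cannot stand in for the bounds check.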
