Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Fedora 43 miniupnpd Critical Denial of Service Information Leak Alert

fedora
Calendar Grey April 30, 2026
Dist Fedora Esm H88
Fedora 43 miniupnpd update fixes denial of service and information disclosure vulnerabilities. Important security steps inside.
2026/03/24: fix missing fclose and potential double free in option file parsing 2026/03/23: upnphttp.c: fix removal of quotes in ParseHttpHeaders() minixml.c: fix buffer read ov...

Summary

The MiniUPnP daemon is an UPnP IGD & PCP/NAT-PMP daemon for gateway routers.

UPnP IGD & PCP/NAT-PMP are used to improve internet connectivity for devices behind

a NAT router. Any peer to peer network application such as games, IM, etc. can

benefit from a NAT router supporting UPnP IGD & PCP/NAT-PMP.

Update Information:

2026/03/24: fix missing fclose and potential double free in option file parsing 2026/03/23: upnphttp.c: fix removal of quotes in ParseHttpHeaders() minixml.c: fix buffer read overflow 2026/02/05: Rewrite permission line parser 2025/05/26: Fix false negative filtered STUN CGNAT test result for unsupported servers #825 2025/05/24: Fix Mac OS X 10.9 build 2025/05/15: build: teststun executable 2025/04/28: pf: fix delete_pinhole for openbsd. Was broken since miniupnpd 2.3.7 2025/04/26 Fix parsing of interfaces names starting with a digit nftables: add counter for DNAT rule (ENABLE_NFT_RULE_COUNTER in config.h) nftables: improve scripts to support already existing tables

Topics%20covered

Topics Covered

security advisory denial of service fedora critical information disclosure miniupnpd

Change Log

* Mon Apr 20 2026 - Michael Cronenworth - 2.3.10-1 - Version update * Fri Jan 16 2026 Fedora Release Engineering - 2.3.9-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #2459688 - CVE-2026-5720 miniupnpd: miniupnpd: Denial of service or information disclosure due to integer underflow in SOAPAction header parsing. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2459688

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-5f908cb040' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: miniupnpd
Product: Fedora 43
Version: 2.3.10
Release: 1.fc43
URL: https://miniupnp.tuxfamily.org/
Summary: Lightweight UPnP IGD & PCP/NAT-PMP daemon

Topics%20covered

Topics Covered

security advisory denial of service fedora critical information disclosure miniupnpd

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here