Heap-Over-Read

vulnerabilities 2026-06-20
A Zero-Length Compare and 27 Years: OpenBSD's PAP Authentication Bypass (CVE-2026-55706)
CVE-2026-55706 is a 27-year-old authentication bypass in OpenBSD's sppp(4) PAP handler. An attacker-controlled compare length means empty credentials produce a PAP_ACK — and an oversized one leaks kernel heap. Full details and a working PoC are public.
openbsd cve-2026-55706 authentication-bypass pppoe ppp pap sppp kernel-vulnerability heap-over-read mitm

A Zero-Length Compare and 27 Years: OpenBSD's PAP Authentication Bypass (CVE-2026-55706)