CVE-2020-26139

CVE Database · CVE-2020-26139

CVE-2020-26139

· MEDIUMModified

CVSS v3.1

5.3

EPSS

6.49%

Published

May 11, 2021

Modified

Apr 14, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.

CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-287

Affected Products (330)

netbsd · netbsdvulnerable

debian · debian_linuxvulnerable

arista · c-100_firmwarevulnerable

arista · c-100

arista · c-110_firmwarevulnerable

arista · c-110

arista · c-120_firmwarevulnerable