{"api_version":"1","generated_at":"2026-04-22T23:30:25+00:00","cve":"CVE-2020-26142","urls":{"html":"https://cve.report/CVE-2020-26142","api":"https://cve.report/api/cve/CVE-2020-26142.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-26142","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-26142"},"summary":{"title":"CVE-2020-26142","description":"An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2021-05-11 20:15:00","updated_at":"2021-12-03 21:12:00"},"problem_types":["CWE-74"],"metrics":[],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu","name":"20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021","refsource":"CISCO","tags":[],"title":"Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.fragattacks.com","name":"https://www.fragattacks.com","refsource":"MISC","tags":[],"title":"FragAttacks: Security flaws in all Wi-Fi devices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63","name":"https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63","refsource":"MISC","tags":[],"title":"Security Advisory 0063 - Arista","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md","name":"https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md","refsource":"MISC","tags":[],"title":"fragattacks/SUMMARY.md at master · vanhoefm/fragattacks · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2021/05/11/12","name":"[oss-security] 20210511 various 802.11 security issues - fragattacks.com","refsource":"MLIST","tags":[],"title":"oss-security - various 802.11 security issues - fragattacks.com","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-26142","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26142","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"26142","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"openbsd","cpe5":"openbsd","cpe6":"6.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-26142","qid":"159403","title":"Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9459)"},{"cve":"CVE-2020-26142","qid":"390248","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2021-0035)"},{"cve":"CVE-2020-26142","qid":"591150","title":"Hitachi ABB Power Grids TropOS Multiple Vulnerabilities (ICSA-21-236-01,9AKK107992A4463)"},{"cve":"CVE-2020-26142","qid":"671051","title":"EulerOS Security Update for kernel (EulerOS-SA-2021-2663)"},{"cve":"CVE-2020-26142","qid":"671441","title":"EulerOS Security Update for kernel (EulerOS-SA-2022-1366)"},{"cve":"CVE-2020-26142","qid":"671703","title":"EulerOS Security Update for kernel (EulerOS-SA-2022-1735)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-26142","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"CISCO","name":"20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"},{"refsource":"MISC","name":"https://www.fragattacks.com","url":"https://www.fragattacks.com"},{"refsource":"MISC","name":"https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md","url":"https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"},{"refsource":"MLIST","name":"[oss-security] 20210511 various 802.11 security issues - fragattacks.com","url":"http://www.openwall.com/lists/oss-security/2021/05/11/12"},{"refsource":"MISC","name":"https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63","url":"https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"}]}},"nvd":{"publishedDate":"2021-05-11 20:15:00","lastModifiedDate":"2021-12-03 21:12:00","problem_types":["CWE-74"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.6,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":2.6},"severity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:openbsd:openbsd:6.6:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"26142","Ordinal":"187561","Title":"CVE-2020-26142","CVE":"CVE-2020-26142","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"26142","Ordinal":"1","NoteData":"An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"26142","Ordinal":"2","NoteData":"2021-05-11","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"26142","Ordinal":"3","NoteData":"2021-10-28","Type":"Other","Title":"Modified"}]}}}