CVE-2020-26139

Name: CVE-2020-26139
Creator: NVD / NIST
Published: 2021-05-11T20:15:08.647+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.3/10EPSS 6.49%

Last modified Jun 17, 2026

CVE-2020-26139 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. EPSS estimates a 6.49% chance of exploitation in the next 30 days.

Description

An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

6.49%

92.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-287

Affected Software

Vendor	Product	Versions
Netbsd	Netbsd	7.1
Debian	Debian Linux	9.0
Arista	C-100 Firmware	All versions
Arista	C-110 Firmware	All versions
Arista	C-120 Firmware	All versions
Arista	C-130 Firmware	All versions
Arista	C-200 Firmware	All versions
Arista	C-230 Firmware	All versions
Arista	C-235 Firmware	All versions
Arista	C-250 Firmware	All versions
Arista	C-260 Firmware	All versions
Arista	C-65 Firmware	All versions
Arista	C-75 Firmware	All versions
Arista	O-105 Firmware	All versions
Arista	O-90 Firmware	All versions
Arista	W-118 Firmware	All versions
Arista	W-68 Firmware	All versions
Cisco	1100 Firmware	All versions
Cisco	1100-4p Firmware	All versions
Cisco	1100-8p Firmware	All versions
Cisco	1101-4p Firmware	All versions
Cisco	1109-2p Firmware	All versions
Cisco	1109-4p Firmware	All versions
Cisco	Aironet 1532 Firmware	All versions
Cisco	Aironet 1542d Firmware	All versions
Cisco	Aironet 1542i Firmware	All versions
Cisco	Aironet 1552 Firmware	All versions
Cisco	Aironet 1552h Firmware	All versions
Cisco	Aironet 1572 Firmware	All versions
Cisco	Aironet 1702 Firmware	All versions
Cisco	Aironet 1800 Firmware	All versions
Cisco	Aironet 1800i Firmware	All versions
Cisco	Aironet 1810 Firmware	All versions
Cisco	Aironet 1810w Firmware	All versions
Cisco	Aironet 1815 Firmware	All versions
Cisco	Aironet 1815i Firmware	All versions
Cisco	Aironet 1832 Firmware	All versions
Cisco	Aironet 1842 Firmware	All versions
Cisco	Aironet 1852 Firmware	All versions
Cisco	Aironet 2702 Firmware	All versions
Cisco	Aironet 2800 Firmware	All versions
Cisco	Aironet 2800e Firmware	All versions
Cisco	Aironet 2800i Firmware	All versions
Cisco	Aironet 3702 Firmware	All versions
Cisco	Aironet 3800 Firmware	All versions
Cisco	Aironet 3800e Firmware	All versions
Cisco	Aironet 3800i Firmware	All versions
Cisco	Aironet 3800p Firmware	All versions
Cisco	Aironet 4800 Firmware	All versions
Cisco	Aironet Ap803 Firmware	All versions

Showing 50 of 166 affected configurations. See NVD for the full list.

References

http://www.openwall.com/lists/oss-security/2021/05/11/12Mailing List, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdfPatch, Third Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.htmlMailing List, Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWuThird Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63Third Party Advisory
https://www.fragattacks.comThird Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/11/12Mailing List, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdfPatch, Third Party Advisory
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.mdThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.htmlMailing List, Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWuThird Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63Third Party Advisory
https://www.fragattacks.comThird Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-019200.html
https://cert-portal.siemens.com/productcert/html/ssa-913875.html

Timeline

Published: May 11, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-26139?

How severe is CVE-2020-26139?

CVE-2020-26139 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 6.49% probability of exploitation in the next 30 days.

How do I fix CVE-2020-26139?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-26139?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST