CVE-2026-10067— Shibby Tomato multimon.cgi sub_90F0 stack-based overflow

CVSS 8.8 · High Updated May 30, 2026

Possible ATT&CK Techniques 2AI

T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing Application

Affected Version Matrix 1

Vendor	Product	Version Range	Status
Shibby	Tomato	`1.28`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Shibby Tomato multimon.cgi sub_90F0 stack-based overflow

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

栈缓冲区溢出

Source: NVD (National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Shibby	Tomato	1.28	`cpe:2.3:a:shibby:tomato::::::::`

II. Public POCs for CVE-2026-10067

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-10067

请登录查看更多情报信息。

Other References for CVE-2026-10067 (1)

🔗 Tomato by Shibby Tomato Firmware 1.28 Stack-based Buffer Overflow (www/apcupsd/multimon.cgi) · Issue #IJK7BE · 王丰毅/CVE - Giteeissue-tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-10067

Same Patch Batch · Shibby · 2026-05-29 · 5 CVEs total

CVE-2026-10066	8.8 HIGH	Shibby Tomato UPS Service tomatoups.cgi sub_9068 stack-based overflow
CVE-2026-10065	8.8 HIGH	Shibby Tomato tomatodata.cgi get_ups_field stack-based overflow
CVE-2026-10069	7.5 HIGH	Shibby Tomato miniupnpd resource consumption
CVE-2026-10068	7.3 HIGH	Shibby Tomato SUBSCRIBE Call miniupnpd send server-side request forgery

IV. Related Vulnerabilities

Same product: Tomato

Same vendor: Shibby

Same weakness: CWE-121

V. Comments for CVE-2026-10067

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-10067— Shibby Tomato multimon.cgi sub_90F0 stack-based overflow

Possible ATT&CK Techniques 2AI

Affected Version Matrix 1

I. Basic Information for CVE-2026-10067

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-10067

III. Intelligence Information for CVE-2026-10067

Other References for CVE-2026-10067 (1)

Same Patch Batch · Shibby · 2026-05-29 · 5 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-10067

Leave a comment