Xcitium Client Security / Comodo Internet Security Remote Denial of Service

Advisories

Xcitium Client Security / Comodo Internet Security Remote Denial of Service

severity: high
date: 6/7/2026
Affecting: Xcitium Client Security (XCS) < 13.8.2.10019
Comodo Internet Security (CIS) <= 12.3.4.8162
CVE: CVE-2026-49494
CWE: CWE-191 Integer Underflow (Wrap or Wraparound)
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
References: MalwareTech - ComoDoS
Proof of Concept
Xcitium Release Notes
Credit: Marcus Hutchins (MalwareTech)
Description: Xcitium Client Security (XCS) before 13.8.2.10019 and Comodo Internet Security (CIS) through 12.3.4.8162 (fix expected by 2026 Q3) contain an integer underflow vulnerability in the firewall driver Inspect.sys that allows remote unauthenticated attackers to crash the system by sending a crafted IPv6 packet with a declared payload length smaller than the sum of its extension-header lengths. The unsigned 64-bit payload-length value underflows to a near-maximal integer, triggering an out-of-bounds read and oversized memcpy in the Windows kernel at DISPATCH_LEVEL, resulting in a blue screen of death even on hosts with all ports blocked.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo