Does anyone know if RouterOS is impacted by this? (CVE-2026-43284)
It’s impact is so widespread it certainly seems that Mikrotik would be affected but I’ve seen no mention of it anywhere.
iirc Mikrotik doesnt use a lot of kernel modules so i guess it wont be affected just like with copy fail
Out of affected modules,
esp6is present and loadable on at least ARM64 devices (did not check others).There is also additional new CVE-2026-46300 (named Fragnessia) that also affects
esp6module. The actual flaw is pretty generic and we can expect more places and variants to pop up as people direct their attention (and models) at it.While exploit remains local-bound, it does potentially offer ability to jailbreak RouterOS via containers, though a very specialized container would need to be built due to RouterOS relative obscurity making it very unlikely any component to be shared.
There’s a new one today called ssh-keysign-pwn.