OpenBSD MPLS Kernel Stack Memory Leak Vulnerability (CVE-2026-56099)

A specially crafted MPLS packet can cause an out-of-bounds read in the mpls_do_error function, leaking 4 bytes of adjacent kernel stack memory. The leak occurs remotely and can be repeated if MPLS is enabled on the system. The vulnerability was fixed in OpenBSD-current on June 18, 2026.