Comodo Internet Security Hit by Unpatched Zero-Day Vulnerability (ComoDoS)
Security researchers have disclosed an unpatched zero-day vulnerability in Comodo Internet Security, dubbed ComoDoS, which allows attackers to remotely crash Windows systems with a single malformed IPv6 packet even bypassing firewall protections.
The flaw lies in Comodo’s IPv6 header parser, specifically in how it processes extension headers, which are optional fields in IPv6 packets. By exploiting this weakness, an attacker can trigger a system crash without requiring authentication or user interaction.
Despite multiple disclosure attempts, Comodo has not responded or issued a patch, leaving users exposed. The vulnerability poses a significant risk, particularly for organizations relying on Comodo’s security products, as it can be exploited remotely with minimal effort.
The discovery underscores the challenges of vendor responsiveness in cybersecurity, especially when critical flaws remain unaddressed. No workaround has been provided, and the full impact of the vulnerability is still under assessment.
Source: https://www.linkedin.com/feed/update/urn:li:activity:7468250792030806016
Comodo TPRM report: https://www.rankiteo.com/company/comodo-security-solutions
"id": "com1780575958",
"linkid": "comodo-security-solutions",
"type": "Vulnerability",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Users of Comodo Internet '
'Security',
'industry': 'Cybersecurity',
'name': 'Comodo Group',
'type': 'Cybersecurity Company'}],
'attack_vector': 'Remote exploitation via malformed IPv6 packet',
'description': 'Security researchers have disclosed an unpatched zero-day '
'vulnerability in Comodo Internet Security, dubbed ComoDoS, '
'which allows attackers to remotely crash Windows systems with '
'a single malformed IPv6 packet even bypassing firewall '
'protections. The flaw lies in Comodo’s IPv6 header parser, '
'specifically in how it processes extension headers, which are '
'optional fields in IPv6 packets. By exploiting this weakness, '
'an attacker can trigger a system crash without requiring '
'authentication or user interaction.',
'impact': {'brand_reputation_impact': "Significant risk to Comodo's "
'reputation due to unpatched '
'vulnerability',
'downtime': 'System crash',
'operational_impact': 'Remote system crashes, potential denial of '
'service',
'systems_affected': 'Windows systems with Comodo Internet Security '
'installed'},
'investigation_status': 'Under assessment',
'lessons_learned': 'Challenges of vendor responsiveness in cybersecurity, '
'especially when critical flaws remain unaddressed.',
'post_incident_analysis': {'root_causes': 'Improper handling of IPv6 '
'extension headers in Comodo '
'Internet Security'},
'references': [{'source': 'Security researchers'}],
'title': 'Comodo Internet Security Hit by Unpatched Zero-Day Vulnerability '
'(ComoDoS)',
'type': 'Zero-Day Vulnerability',
'vulnerability_exploited': 'Improper handling of IPv6 extension headers in '
'Comodo Internet Security'}