OpenWrt 24.10.7 - Service Release - 31. May 2026

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 24.10.7, r29197-ab4c7d6af7
 -----------------------------------------------------

The OpenWrt community is proud to announce the newest stable release of the OpenWrt 24.10 stable series.

This release fixes several security issues, including security fixes in dnsmasq and the Linux kernel. We recommend everyone to upgrade.

:!: The OpenWrt 24.10 series is in security maintenance (only security problems are fixed), with end of life (EoL) projected for September 2026. We recommend migrating to OpenWrt 25.12 before then.

Download firmware images via the Firmware Selector or directly from our download servers:

An upgrade from OpenWrt 23.05 to OpenWrt 24.10 is supported in many cases with the help of the sysupgrade utility which will also attempt to preserve the configuration. A configuration backup is advised nonetheless when upgrading to OpenWrt 24.10. (see “Upgrading” below).

About OpenWrt

The OpenWrt Project is a Linux operating system targeting embedded devices. It is a complete replacement for the vendor-supplied firmware of a wide range of wireless routers and non-network devices. See the Table of Hardware for supported devices. For more information about OpenWrt project organization, see the About OpenWrt pages.

Announcements about new releases and security fixes

Do you want to be informed about important changes such as new releases and security fixes?

We have a new mailing list for this, as well as RSS options: see Important changes and announcements.

Main changes between OpenWrt 24.10.6 and OpenWrt 24.10.7

Only the main changes are listed below. See changelog-24.10.7 for the full changelog.

Security fixes

Linux kernel:

  • CVE-2026-43284 (“Dirty Frag”): local privilege escalation through the IPsec ESP code path. This only affects devices that use IPsec, i.e. that have kmod-ipsec / the esp4 or esp6 kernel modules loaded. Fixed by the Linux kernel update to 6.6.138.
  • CVE-2026-31431 (“Copy Fail”): in earlier releases this only affected users of the starfive target and users who had installed kmod-crypto-user. Fixed by the Linux kernel update to 6.6.137.

dnsmasq:

  • Multiple upstream security fixes backported to dnsmasq 2.90: CVE-2026-2291, CVE-2026-4890, CVE-2026-4891, CVE-2026-4892, CVE-2026-4893 and CVE-2026-5172.

TLS/crypto libraries:

  • openssl: update to 3.0.20, fixing multiple security vulnerabilities
  • mbedtls: update to 3.6.6, fixing multiple security vulnerabilities
  • wolfssl: update to 5.9.1, fixing multiple security vulnerabilities

Device support

  • airoha: an7581: enable USB support
  • airoha: EN7581: fix PCIe initialization and add x2 lane (x2 link) support
  • airoha: add U-Boot support for EN7581/AN7583 boards
  • bcm53xx: align image names with the device-tree compatible (affects image selection in the Firmware Selector)
  • qualcommax: ipq807x: Linksys MX5300: fix MAC address labelling
  • ramips: mt7621: Xiaomi Mi Router AC2100: fix MAC address labelling

Various fixes and improvements

  • airoha: an7581: fix kernel panic in the I2S audio driver
  • airoha: fix Ethernet hardware offload on EN7581 (backported upstream airoha_eth patches, offload with GDM2 present)
  • lantiq: fix refcount and memory leak in the MTD partition parser
  • wifi-scripts: fix MAC address check in the mac80211 setup script

Core components update

  • Linux kernel: update from 6.6.127 to 6.6.141
  • ca-certificates: update from 20250419 to 20260223
  • mbedtls: update from 3.6.5 to 3.6.6
  • openssl: update from 3.0.19 to 3.0.20
  • wireless-regdb: update from 2026.02.04 to 2026.03.18
  • wolfssl: update from 5.7.6 to 5.9.1

Upgrading to 24.10

Sysupgrade can be used to upgrade a device from 23.05 to 24.10, and configuration will be preserved in most cases. For for upgrades inside the OpenWrt 24.10 stable series for example from a OpenWrt 24.10 release candidate Attended Sysupgrade is supported in addition which allows preserving the installed packages too.

:!: Sysupgrade from 22.03 to 24.10 is not officially supported.

:!: There is no configuration migration path for users of the ipq806x target for Qualcomm Atheros IPQ806X SoCs because it switched to DSA. You have to upgrade without saving the configuration. Image version mismatch. image 1.1 device 1.0 Please wipe config during upgrade (force required) or reinstall. Config cannot be migrated from swconfig to DSA Image check failed

:!: User of the Linksys E8450 aka. Belkin RT3200 running OpenWrt 23.05 or earlier will need to run installer version v1.1.3 or later in order to reorganize the UBI layout for the 24.10 release. A detailed description is in the OpenWrt wiki. Updating without using the installer will break the device. Sysupgrade will show a warning before doing an incompatible upgrade.

:!: Users of the Xiaomi AX3200 aka. Redmi AX6S running OpenWrt 23.05 or earlier have to follow a special upgrade procedure described in the wiki. This will increase the flash memory available for OpenWrt. Updating without following the guide in the wiki break the device. Sysupgrade will show a warning before doing an incompatible upgrade.

:!: Users of Zyxel GS1900 series switches running OpenWrt 23.05 or earlier have to perform a new factory install with the initramfs image due to a changed partition layout. Sysupgrade will show a warning before doing an incompatible upgrade and is not possible. After upgrading, the config file /etc/config/system should not be restored from a backup, as this will overwrite the new compat_version value.

Known issues

  • LEDs for Airoha AN8855 are not yet supported. Devices like the Xiaomi AX3000T with an Airoha switch will have their switch LEDs powered off. This issue will be addressed in an upcoming OpenWrt SNAPSHOT and the OpenWrt 24.10 minor release.
  • 5GHz WiFi is non-functional on certain devices with ath10k chipsets. Affected models include the Phicomm K2T, TP-Link Archer C60 v3 and possibly others. For details, see issue #14541.

Final notes

As always, a big thank you goes to all our active package maintainers, testers, documenters, and supporters.

Have fun!

The OpenWrt Community

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2026/05/31 22:45
  • by hauke