CVE-2026-38422
Published
CVSS v3: 7.3 HIGH
CVSS v2: N/A
Affected: 2 projects
Description
A buffer overflow in the fetch_jpg() function of tasmota/tasmota_xdrv_driver/xdrv_10_scripter.ino in arendst Tasmota v15.3.0.3 and earlier allows a remote attacker to execute arbitrary code.
Alternative firmware for ESP8266 and ESP32 based devices with easy configuration using webUI, OTA updates, automation using timers or rules, expandability and entirely local control over MQTT, HTTP, Serial or KNX. Full documentation at
CVE-2026-38422 — Remote Code Execution via Combined Buffer Overflows in Tasmota fetch_jpg() (Tasmota <= 15.3.0.3)