CVE-2026-38426

Published
View on NVD ↗
CVSS v3
7.3
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the xdrv_10_scripter.ino, fetch_jpg(), jpg_task.boundary[40], strcpy() function.

arendst/Tasmota
arendst/Tasmota
Alternative firmware for ESP8266 and ESP32 based devices with easy configuration using webUI, OTA updates, automation using timers or rules, expandability and entirely local control over MQTT, HTTP, Serial or KNX. Full documentation at
GitHubGitHub
24.5K
sermikr0/CVE-2026-38426
sermikr0/CVE-2026-38426
CVE-2026-38426 — strcpy() Stack Buffer Overflow in Tasmota fetch_jpg() boundary[40] (Tasmota <= 15.3.0.3)
GitHubGitHub