sermikr0/CVE-2026-38422

Releases0

CVE-2026-38422 — Remote Code Execution via Combined Buffer Overflows in Tasmota fetch_jpg() (Tasmota <= 15.3.0.3)

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-38422 ↗	May 27, 2026Wednesday, 27 May 2026, 14:16	7.3 HIGH	—
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the tasmota/tasmota_xdrv_driver/xdrv_10_scripter.ino, fetch_jpg() function.