CVE-2026-38427

CVSS 7.3 HIGHEPSS 0.5%CWE-122

An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16_t variable; values above 65535 wrap around, causing allocation of a smaller buffer than the data actually read.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

n/a · n/a

public PoCs found — 1

githubgithub.com/sermikr0/CVE-2026-38427★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/arendst/Tasmota/blob/c207cc2/tasmota/tasmota_xdrv_driver/xdrv_10_scripter.ino https://github.com/sermikr0/CVE-2026-38427