Home / Vulnerability Intelligence / CVE-2026-41429

CVE-2026-41429 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: April 24, 2026

arduino-esp32 - Memory Corruption

Published: April 24, 2026Updated: April 24, 2026

Overview

arduino-esp32 < 3.3.8 contains a memory corruption caused by improper bounds checking of the name_len field in NBNS packet handling, letting remote attackers on the local network cause memory corruption, exploit requires NetBIOS enabled.

Severity & Score

Severity: High

CVSS Score: 8.8

Impact

Remote attackers on the local network can cause memory corruption, potentially leading to device instability or code execution.

Mitigation

Update to version 3.3.8 or later.

References

https://github.com/espressif/arduino-esp32/security/advisories/GHSA-92j9-c75g-2c5f

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-41429
Severity: High
CVSS Score: 8.8
Type: undefined
Status: new

CWE

CWE-121

CVSS Metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H