top of page
perceptive_background_267k.jpg

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reacha…

Published:

23 April 2026 at 22:00:00

Alert date:

24 April 2026 at 21:02:15

Source:

nvd.nist.gov

Click to open the original link from this advisory

Mobile & IoT

A memory corruption vulnerability exists in arduino-esp32 core for ESP32 microcontrollers prior to version 3.3.8. The vulnerability occurs in the NBNS packet handling path when NetBIOS is enabled. The issue arises from the request parser trusting an attacker-controlled name_len field without proper bounds checking against fixed-size destination buffers. This allows remote attackers on the local network to trigger memory corruption by sending malicious NBNS requests to UDP port 137. The vulnerability affects ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers and has been fixed in version 3.3.8.

Technical details

Mitigation steps:

Affected products:

arduino-esp32
ESP32
ESP32-S2
ESP32-S3
ESP32-C3
ESP32-C6
ESP32-H2

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-41429
https://github.com/espressif/arduino-esp32/security/advisories/GHSA-92j9-c75g-2c5f

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page