{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41429", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-20T15:32:33.814Z", "datePublished": "2026-04-24T19:19:49.594Z", "dateUpdated": "2026-04-27T13:34:49.485Z"}, "containers": {"cna": {"title": "Improper validation of NBNS name_len in arduino-esp32 NetBIOS leads to memory corruption", "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "lang": "en", "description": "CWE-121: Stack-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/espressif/arduino-esp32/security/advisories/GHSA-92j9-c75g-2c5f", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/espressif/arduino-esp32/security/advisories/GHSA-92j9-c75g-2c5f"}], "affected": [{"vendor": "espressif", "product": "arduino-esp32", "versions": [{"version": "< 3.3.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-24T19:19:49.594Z"}, "descriptions": [{"lang": "en", "value": "arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled by calling NBNS.begin(...), the device listens on UDP port 137 and processes untrusted NBNS requests from the local network.\nThe request parser trusts the attacker-controlled name_len field without enforcing a bound consistent with the fixed-size destination buffers used later in the flow. This vulnerability is fixed in 3.3.8."}], "source": {"advisory": "GHSA-92j9-c75g-2c5f", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/espressif/arduino-esp32/security/advisories/GHSA-92j9-c75g-2c5f", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T13:10:48.792547Z", "id": "CVE-2026-41429", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:34:49.485Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41429", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-27T13:10:48.792547Z"}}}], "references": [{"url": "https://github.com/espressif/arduino-esp32/security/advisories/GHSA-92j9-c75g-2c5f", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:10:49.777Z"}}], "cna": {"title": "Improper validation of NBNS name_len in arduino-esp32 NetBIOS leads to memory corruption", "source": {"advisory": "GHSA-92j9-c75g-2c5f", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "espressif", "product": "arduino-esp32", "versions": [{"status": "affected", "version": "< 3.3.8"}]}], "references": [{"url": "https://github.com/espressif/arduino-esp32/security/advisories/GHSA-92j9-c75g-2c5f", "name": "https://github.com/espressif/arduino-esp32/security/advisories/GHSA-92j9-c75g-2c5f", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled by calling NBNS.begin(...), the device listens on UDP port 137 and processes untrusted NBNS requests from the local network.\nThe request parser trusts the attacker-controlled name_len field without enforcing a bound consistent with the fixed-size destination buffers used later in the flow. This vulnerability is fixed in 3.3.8."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-24T19:19:49.594Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41429", "state": "PUBLISHED", "dateUpdated": "2026-04-27T13:34:49.485Z", "dateReserved": "2026-04-20T15:32:33.814Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-24T19:19:49.594Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled by calling NBNS.begin(...), the device listens on UDP port 137 and processes untrusted NBNS requests from the local network.\nThe request parser trusts the attacker-controlled name_len field without enforcing a bound consistent with the fixed-size destination buffers used later in the flow. This vulnerability is fixed in 3.3.8."}], "id": "CVE-2026-41429", "lastModified": "2026-04-27T18:57:20.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-24T20:16:27.663", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/espressif/arduino-esp32/security/advisories/GHSA-92j9-c75g-2c5f"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/espressif/arduino-esp32/security/advisories/GHSA-92j9-c75g-2c5f"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.3.8)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "arduino-esp32", "source": "cna", "vendor": "espressif"}, "product": "arduino-esp32", "vendor": "espressif"}], "analysis": {"en": {"generated_at": "2026-04-28T05:49:51.845582+00:00", "value": {"mitigation_remediation": ["Upgrade the Arduino ESP32 core to version 3.3.8 or later", "If NetBIOS is not required, disable NBNS by removing the NBNS.begin(...) call from the code", "Configure network or firewall rules to block or restrict UDP traffic on port 137 to limit local\u2011network reachability"], "summary": {"action": "Apply Patch", "impact": "Remote Memory Corruption"}, "threat_synthesis": {"affected_systems": "The affected product is espressif:arduino-esp32, the Arduino core for ESP32, ESP32\u2011S2, ESP32\u2011S3, ESP32\u2011C3, ESP32\u2011C6 and ESP32\u2011H2 microcontrollers. All releases prior to 3.3.8 are vulnerable; the flaw is fixed in version 3.3.8 and later.", "description_and_impact": "Prior to version 3.3.8 the Arduino core for ESP32 devices parses NetBIOS Name Service (NBNS) packets without validating the name_len field and copies the resulting payload into a fixed\u2011size buffer. This flaw allows an attacker on the same local network to send a crafted UDP packet to port 137 and trigger a memory corruption that can lead to arbitrary code execution or system crash. The vulnerability is listed under CWE\u2011121, a stack buffer overflow. The high CVSS score of 8.8 reflects the potential for severe impact on confidentiality, integrity, and availability when the flaw is exploited.", "risk_and_exploitability": "CVSS 8.8 places this issue in the high severity range, and the EPSS score of less than 1% indicates a low but non\u2011zero likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, yet it can be exploited by an adversary who can send packets to the affected device from the local network. The actor needs only local network access; network segmentation or firewall rules that block UDP port 137 reduce the attack surface. Because the flaw leads to memory corruption, an exploit could achieve arbitrary code execution or denial of service depending on the device configuration."}}}}, "created": "2026-04-27T20:15:12.104697+00:00", "updated": "2026-04-28T06:00:09.586800+00:00", "vendors": ["espressif", "espressif$PRODUCT$arduino-esp32"]}