PatchSiren cyber security CVE debrief
CVE-2026-23747 Golioth CVE debrief
The Golioth Firmware SDK, versions 0.10.0 to prior 0.22.0, contains a stack-based buffer overflow vulnerability in Payload Utils. This issue, fixed in commit 48f521b, arises from the golioth_payload_as_int() and golioth_payload_as_float() helpers, which copy network-supplied payload data into fixed-size stack buffers using memcpy() with a length derived from payload_size. The vulnerability is triggered when processing payloads larger than 12 bytes (int) or 32 bytes (float), potentially leading to a crash or denial of service. This vulnerability is reachable via LightDB State on_payload with a malicious server or MITM.
- Vendor
- Golioth
- Product
- Firmware SDK
- CVSS
- MEDIUM 6.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-26
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-02-26
- Advisory updated
- 2026-07-14
Who should care
Developers and users of the Golioth Firmware SDK, especially those using versions 0.10.0 to prior 0.22.0, should be aware of this vulnerability. It is crucial for them to update to version 0.22.0 or later to mitigate the risk of a denial of service.
Technical summary
The Golioth Firmware SDK versions 0.10.0 to prior 0.22.0 are vulnerable to a stack-based buffer overflow in the Payload Utils component. The golioth_payload_as_int() and golioth_payload_as_float() functions are susceptible to this issue due to their use of memcpy() with a length derived from payload_size without adequate checks. This can lead to a denial of service when processing large payloads. The vulnerability is fixed in commit 48f521b and version 0.22.0.
Defensive priority
Medium priority should be given to updating the Golioth Firmware SDK to version 0.22.0 or later due to the potential for denial of service attacks.
Recommended defensive actions
- Update Golioth Firmware SDK to version 0.22.0 or later.
- Implement input validation for payload sizes.
- Use secure communication protocols to mitigate MITM attacks.
- Monitor for suspicious network activity.
- Apply the fix from commit 48f521b.
Evidence notes
The CVE record was published on 2026-02-26T18:23:06.317Z and was last modified on 2026-07-14T16:16:52.637Z. The NVD entry is currently Deferred. The vulnerability was disclosed by Secmate via multiple sources including a blog post, GitHub commit, and advisory pages.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-02-26T18:23:06.317Z and has not been modified since then. The NVD entry is currently Deferred.