PatchSiren

arendst CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH arendst CVE published 2026-05-27

CVE-2026-38426

A buffer overflow vulnerability exists in arendst Tasmota firmware version 15.3.0.3 and earlier. The flaw resides in the Scripter driver (xdrv_10_scripter.ino), specifically within the fetch_jpg() function where a 40-byte boundary buffer (jpg_task.boundary[40]) is populated using strcpy() without adequate bounds checking. This allows a remote attacker to trigger memory corruption and potentially execute a [truncated]

HIGH arendst CVE published 2026-05-27

CVE-2026-38422

A buffer overflow vulnerability exists in the Tasmota open-source firmware, specifically within the Scripter driver component. The flaw resides in the fetch_jpg() function located in xdrv_10_scripter.ino, affecting version 15.3.0.3 and earlier. Successful exploitation by a remote attacker could result in arbitrary code execution on affected devices. The vulnerability was disclosed on May 27, 2026, with th [truncated]