HIGH
arendst
CVE published 2026-05-27
CVE-2026-38426
A buffer overflow vulnerability exists in arendst Tasmota firmware version 15.3.0.3 and earlier. The flaw resides in the Scripter driver (xdrv_10_scripter.ino), specifically within the fetch_jpg() function where a 40-byte boundary buffer (jpg_task.boundary[40]) is populated using strcpy() without adequate bounds checking. This allows a remote attacker to trigger memory corruption and potentially execute a [truncated]