PatchSiren

Espressif CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Espressif CVE published 2026-05-12

CVE-2026-42854

CVE-2026-42854 is a critical, network-reachable memory corruption issue in arduino-esp32’s WebServer multipart form parser. An attacker-controlled multipart boundary value can exhaust the loopTask stack and crash the device, with potential remote code execution. The issue is fixed in arduino-esp32 3.3.8.