These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-46532 is a MEDIUM severity vulnerability in the Espressif Internet of Things (IOT) Development Framework (ESP-IDF). An out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser (avrc_pars_vendor_cmd() in components/bt/host/bluedroid/stack/avrc/avrc_pars_tg.c) in versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0. This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.4, and 6.0.1.
A heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup path of the protocomm component in Espressif Internet of Things (IOT) Development Framework (ESP-IDF) versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0. The issue arises from the first-phase handler (handle_session_command0() in components/protocomm/src/security/security2.c) trusting the length of a client-supplied protobuf field for [truncated]
A vulnerability was discovered in Espressif Internet of Things (IOT) Development Framework (ESP-IDF) versions 5.5.4 and 6.0. The issue lies in the ESP-TEE secure-service wrappers, which only validated some of the caller-supplied pointer arguments. This oversight allowed callers to supply pointers into TEE-exclusive memory as inputs, enabling the peripheral to read TEE memory and return results derived fro [truncated]
A critical vulnerability was found in Espressif Internet of Things (IOT) Development Framework (ESP-IDF). The vulnerability is caused by the esp_tee component exposing secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c that bridge calls from the user application (i.e. the REE) to TEE-protected hardware peripherals (AES, SHA, ECC, HMAC, SPI, MMU, WDT) and to the security featur [truncated]
CVE-2026-45160 is an out-of-bounds read flaw in the DHCP server option parser (parse_options() in components/lwip/apps/dhcpserver/dhcpserver.c) shipped with ESP-IDF's lwIP component. The parser walks the BOOTP/DHCP options field without validating that each option's length byte and declared payload length stay within the received packet buffer. A crafted DHCP request can cause the parser to read past the [truncated]
A vulnerability in Espressif Shared GitHub DangerJS (prior to version 1.0.1) allows arbitrary code execution via an untrusted search path. The action's entrypoint.sh copied a fork's checkout into the caller's workspace before invoking DangerJS, enabling a pull_request_target workflow to execute attacker-supplied code in place of the legitimate action code. This affects CI/CD pipelines using the vulnerable [truncated]
CVE-2026-42854 is a critical, network-reachable memory corruption issue in arduino-esp32’s WebServer multipart form parser. An attacker-controlled multipart boundary value can exhaust the loopTask stack and crash the device, with potential remote code execution. The issue is fixed in arduino-esp32 3.3.8.