HIGH
Tasmota
CVE published 2026-05-27
CVE-2026-38427
A heap buffer overflow vulnerability exists in the Tasmota open-source firmware, specifically within the `fetch_jpg()` function in `xdrv_10_scripter.ino`. The flaw stems from an integer overflow condition where the `Content-Length` header value from a JPEG stream is stored in a `uint16_t` variable. When a server returns a `Content-Length` exceeding 65,535 bytes, the value wraps around, causing the subsequ [truncated]
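The 16-bit wrap described above, next to a full-width bounded parse, as an added example (not Tasmota's code; the function names and the `MAX_JPG_BYTES` cap are assumptions chosen for illustration):

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed cap for this example; use what the device can actually allocate. */
#define MAX_JPG_BYTES 32768UL

/* Narrowing pattern from the advisory: header value stored in a uint16_t.
 * Hypothetical helper, not the firmware's function. */
uint16_t narrow_content_length(const char *value)
{
    return (uint16_t)strtoul(value, NULL, 10); /* keeps only the low 16 bits */
}

/* Hardened parse: full-width conversion, digits only, explicit upper bound.
 * Returns the length, or -1 if the header must be rejected. */
long parse_content_length(const char *value, unsigned long max)
{
    char *end;
    unsigned long n;

    if (value == NULL || value[0] < '0' || value[0] > '9')
        return -1;                 /* empty, signed or non-numeric */
    errno = 0;
    n = strtoul(value, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                 /* out of range or trailing junk */
    if (n == 0 || n > max)
        return -1;                 /* empty body or larger than the cap */
    return (long)n;
}

int main(void)
{
    /* Constructed sample header values. */
    const char *samples[] = { "4464", "65535", "65536", "70000", "12abc" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-6s narrowed=%5u checked=%ld\n", samples[i],
               (unsigned)narrow_content_length(samples[i]),
               parse_content_length(samples[i], MAX_JPG_BYTES));
    return 0;
}
```

A validated length only helps if the later read is also bounded by the size that was allocated rather than by the number of bytes the server sends.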