IoT
CVE-2026-27703
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
2DescriptionGitHub Advisory
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and earlier, the default handler for the well_known_core resource coap_well_known_core_default_handler writes user-provided option data and other data into a fixed size buffer without validating the buffer is large enough to contain the response. This vulnerability allows an attacker to corrupt neighboring stack location, including security-sensitive addresses like the return address, leading to denial of service or arbitrary code execution.
AnalysisAI
Stack buffer overflow in RIOT OS coap_well_known_core_default_handler allows unauthenticated remote attackers to overwrite critical stack data including return addresses through oversized CoAP option responses. Affected IoT devices running RIOT 2026.01 and earlier are vulnerable to denial of service or arbitrary code execution without any user interaction required. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-787 (Out-of-bounds Write). RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and earlier, the default handler for the well_known_core resource coap_well_known_core_default_handler writes user-provided option data and other data into a fixed size buffer without validating the buffer is large enough to contain the response. This vulnerability allows an attacker to corrupt neighboring stack location, including
Affected ProductsAI
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded dev
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.
A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.
Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available.
Kede Electronics IoT smart water meter monitoring platform v1.0 has a SQL injection allowing attackers to compromise the
RIOT IoT operating system has an out-of-bounds read vulnerability (CVSS 9.1) that could lead to information disclosure o
A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available
CVE-2025-34023 is a path traversal vulnerability in Karel IP1211 IP Phone's web management panel that allows remote auth
CVE-2025-48466 is a security vulnerability (CVSS 8.1). Risk factors: public PoC available.
MajorDoMo's unauthenticated /objects/?op=set endpoint fails to sanitize property values, allowing remote attackers to in
CVE-2025-7503 is a security vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affect
Command injection via the hostname field allowing authenticated code execution with maximum CVSS 10.0 and scope change.
Synectix LAN 232 TRIO serial-to-ethernet adapter exposes its web management interface without authentication (CVSS 10.0)
An API authentication bypass allows unauthenticated attackers to impersonate legitimate users. Maximum CVSS 10.0 with sc
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today