Esphome

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-23833 HIGH PATCH This Week

ESPHome versions 2025.9.0 through 2025.12.6 are vulnerable to a denial-of-service attack via integer overflow in the API protobuf decoder, affecting all supported microcontroller platforms (ESP32, ESP8266, RP2040, LibreTiny). Unauthenticated attackers can crash ESPHome devices by sending specially crafted packets with large field length values to bypass bounds checking when API encryption is disabled. Upgrade to version 2025.12.7 or later to remediate.

Integer Overflow Denial Of Service Esphome Redhat

NVD GitHub

CVSS 3.1

7.5

EPSS

0.1%

CVE-2026-23833

EPSS 0% CVSS 7.5

HIGH PATCH This Week

ESPHome versions 2025.9.0 through 2025.12.6 are vulnerable to a denial-of-service attack via integer overflow in the API protobuf decoder, affecting all supported microcontroller platforms (ESP32, ESP8266, RP2040, LibreTiny). Unauthenticated attackers can crash ESPHome devices by sending specially crafted packets with large field length values to bypass bounds checking when API encryption is disabled. Upgrade to version 2025.12.7 or later to remediate.

Integer Overflow Denial Of Service Esphome +1

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy