PT-2026-22746 · Tuya · Tuya Sdk+1

Deoplljj

Published

2026-03-03

Updated

2026-03-04

CVE-2026-3465

CVSS v3.1

3.1

Low

Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Tuya App and SDK version 24.07.11

Description A denial of service condition exists in Tuya App and SDK. The issue affects an unknown functionality within the JSON Data Point Handler component. Manipulation of the cruise time argument can lead to a denial of service. Remote exploitation is possible, but considered complex and difficult. The exploit has been publicly disclosed. The vendor disputes the validity of the finding, stating it does not represent a security vulnerability but rather abnormal product functionality.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

CVE-2026-3465

Affected Products

Tuya App

Tuya Sdk

PT-2026-22746 · Tuya · Tuya Sdk+1

CVE-2026-3465

Weakness Enumeration

Related Identifiers

Affected Products

References · 10