PT-2026-24801 · Riot-Os+1 · Riot
Ampaschal · Published 2026-03-11 · Updated 2026-03-11 · CVE-2026-27703
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: RIOT versions 2026.01 and earlier
Description: RIOT is an open-source microcontroller operating system designed for Internet of Things (IoT) and embedded devices. A flaw exists in the default handler for the well-known core resource, `coap_well_known_core_default_handler`. This handler writes user-provided data into a fixed-size buffer without sufficient validation, which can lead to a buffer overflow. An attacker can use this to corrupt adjacent stack locations, including the return address, resulting in denial of service or arbitrary code execution. The vulnerable operation is the writing of option data and other data into the buffer.
Recommendations: Versions prior to 2026.01 should be updated.
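The defect class described above is a write of request-controlled data into a fixed-size buffer with no check against the remaining capacity. The following is an added illustration of the defensive pattern, not RIOT's code and not the patched handler: every append to the response buffer is checked against the bytes still available, so an option length chosen by the sender can only produce an error return, never an out-of-bounds write. The function names (`bw_append`, `compose_core_reply`), the sample option bytes and the resource paths are all constructed for this example.

```c
/* Added example (hypothetical, not RIOT's own code): composing a
 * /.well-known/core style reply into a fixed-size buffer through a writer
 * that refuses any append that would not fit. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

typedef struct {
    uint8_t *buf;   /* fixed-size output buffer */
    size_t cap;     /* its capacity in bytes */
    size_t len;     /* bytes written so far (always <= cap) */
} bounded_writer_t;

void bw_init(bounded_writer_t *w, uint8_t *buf, size_t cap)
{
    w->buf = buf;
    w->cap = cap;
    w->len = 0;
}

/* Append n bytes. Returns 0 on success, -1 (writing nothing) if they would
 * not fit. The check is cap - len < n rather than len + n > cap so that a
 * sender-controlled n cannot wrap the addition around. */
int bw_append(bounded_writer_t *w, const void *data, size_t n)
{
    if (w->cap - w->len < n) {
        return -1;
    }
    memcpy(w->buf + w->len, data, n);
    w->len += n;
    return 0;
}

/* Hypothetical handler: copies the request's option bytes (length chosen by
 * the sender) followed by a link-format listing of resource paths into out.
 * Returns the reply length, or -1 if out was too small for the data. */
int compose_core_reply(uint8_t *out, size_t out_cap,
                       const uint8_t *opt, size_t opt_len,
                       const char *const *paths, size_t n_paths)
{
    bounded_writer_t w;
    bw_init(&w, out, out_cap);

    if (bw_append(&w, opt, opt_len) < 0) {
        return -1;
    }
    for (size_t i = 0; i < n_paths; i++) {
        if (i > 0 && bw_append(&w, ",", 1) < 0) return -1;
        if (bw_append(&w, "<", 1) < 0) return -1;
        if (bw_append(&w, paths[i], strlen(paths[i])) < 0) return -1;
        if (bw_append(&w, ">", 1) < 0) return -1;
    }
    return (int)w.len;
}

/* Constructed request: 4 option bytes plus two resource paths, composed into
 * a buffer whose usable capacity is out_cap (at most 64). Returns the reply
 * length or -1. */
int example_reply_len(size_t out_cap)
{
    uint8_t out[64];
    const uint8_t opt[] = { 'r', 't', '=', 'x' };           /* constructed */
    const char *paths[] = { "/sensors/temp", "/.well-known/core" };
    if (out_cap > sizeof(out)) out_cap = sizeof(out);
    return compose_core_reply(out, out_cap, opt, sizeof(opt), paths, 2);
}

/* Self-check: an 8-byte canary placed after a 16-byte buffer must survive a
 * 64-byte option. Returns 1 if the canary is intact and the call failed cleanly. */
int canary_survives_oversized_option(void)
{
    uint8_t region[16 + 8];
    uint8_t big_opt[64];
    const char *paths[] = { "/.well-known/core" };

    memset(region, 0xAA, sizeof(region));   /* bytes 16..23 are the canary */
    memset(big_opt, 'X', sizeof(big_opt));  /* constructed oversized option */

    int rc = compose_core_reply(region, 16, big_opt, sizeof(big_opt), paths, 1);
    for (size_t i = 16; i < sizeof(region); i++) {
        if (region[i] != 0xAA) return 0;
    }
    return rc == -1;
}

int main(void)
{
    printf("reply length: %d (expect 39)\n", example_reply_len(64));
    printf("too small:    %d (expect -1)\n", example_reply_len(38));
    printf("canary ok:    %d (expect 1)\n", canary_survives_oversized_option());
    return 0;
}
```

The reply for the constructed request is 39 bytes (4 option bytes, then `</sensors/temp>,</.well-known/core>`), so a 39-byte buffer is exactly enough and a 38-byte one makes the handler fail before any byte lands outside the buffer. The same capacity check applied once per write is the mitigation this advisory's description calls for.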

Tags: Memory Corruption

Weakness Enumeration

Related Identifiers: CVE-2026-27703, GHSA-QGJ4-9JFF-93CJ

Affected Products: Riot