CVE-2026-28527

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GET PLAYER APPLICATION SETTING ATTRIBUTE TEXT and GET PLAYER APPLICATION SETTING VALUE TEXT handlers that allows nearby attackers to read beyond packet boundaries. Attackers can establish a paired Bluetooth Classic connection and send specially crafted VENDOR DEPENDENT responses to trigger out-of-bounds reads, causing information disclosure and potential crashes on affected devices.