CVE-2026-46532

CVSS v3.1

4.6

Medium

Vector

AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser (avrc pars vendor cmd() in components/bt/host/bluedroid/stack/avrc/avrc pars tg.c). This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.4, and 6.0.1.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2026-46532

Affected Products

Esp-Idf

CVE-2026-46532

Weakness Enumeration

Related Identifiers

Affected Products

References · 8