PT-2026-7898 · Arduino · Arduino-App-Lab

Ottimo +1 · Published 2026-02-12 · Updated 2026-02-19 · CVE-2026-25933

CVSS v3.1: 6.8 Medium

Vector: AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Arduino App Lab versions prior to 0.4.0

Description

Arduino App Lab, a cross-platform IDE for developing Arduino Apps, contains a flaw in its Terminal component. Insufficient input sanitization and validation of data received from connected hardware devices, specifically in the info.Serial and info.Address metadata fields, allows for potential code execution. An attacker requires physical access to a compromised board to supply crafted strings containing shell metacharacters. These crafted strings are then executed with the privileges of the user running the application when the host system processes the fields.

Recommendations

Update to version 0.4.0 or later.
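
The class of fix for device-supplied fields such as info.Serial and info.Address is to allowlist them and pass them as separate arguments rather than through a shell. The following is an added example, not Arduino App Lab's code or its actual patch. Assumptions: the field formats encoded in the patterns, and the hypothetical `device-terminal` helper name.

```python
import ipaddress
import re

# Assumed formats (not taken from the advisory): serials are short
# alphanumeric strings; addresses are a serial-port path, a COM port,
# or a plain IP address.
SERIAL_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
PORT_RE = re.compile(r"(/dev/(tty|cu\.)[A-Za-z0-9._-]{1,64}|COM[0-9]{1,3})")
# Pre-filter for IPs: ipaddress accepts an IPv6 zone suffix ("%...")
# without restricting its characters, so '%' is excluded up front.
IP_CHARS_RE = re.compile(r"[0-9A-Fa-f:.]{2,45}")


def valid_serial(value: str) -> bool:
    """True only if the whole string matches the serial allowlist."""
    return SERIAL_RE.fullmatch(value) is not None


def valid_address(value: str) -> bool:
    """True for an allowlisted port name or a zone-free IP address."""
    if PORT_RE.fullmatch(value):
        return True
    if not IP_CHARS_RE.fullmatch(value):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def terminal_argv(serial: str, address: str) -> list[str]:
    """Build the argument vector for the hypothetical `device-terminal`.

    The result is meant for subprocess.run(argv) with the default
    shell=False, so each field stays one argument and is never parsed
    by a shell. Validation is a second layer that refuses hostile
    values before any process is started.
    """
    if not valid_serial(serial):
        raise ValueError(f"rejected device serial: {serial!r}")
    if not valid_address(address):
        raise ValueError(f"rejected device address: {address!r}")
    return ["device-terminal", "--serial", serial, "--address", address]
```

Rejected values are best logged with `repr()` as above, so control characters in a hostile field show up escaped in the log.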

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-25933
GHSA-3652-939F-F7G4

Affected Products

Arduino-App-Lab