CVE-2026-38426
Possible ATT&CK Techniques 2AI
T1190 · Exploit Public-Facing Application T1203 · Exploitation for Client ExecutionGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-38426
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the xdrv_10_scripter.ino, fetch_jpg(), jpg_task.boundary[40], strcpy() function.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Tasmota 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tasmota是Theo Arends个人开发者的一个物联网设备固件与自动化控制平台。 Tasmota 15.3.0.3及之前版本存在安全漏洞,该漏洞源于xdrv_10_scripter.ino文件中fetch_jpg()函数中jpg_task.boundary[40]的strcpy()函数存在缓冲区溢出,可能导致远程攻击者执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2026-38426
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-38426
请登录查看更多情报信息。
Proof of Concept for CVE-2026-38426 (1)
Other References for CVE-2026-38426 (1)
Same Patch Batch · n/a · 2026-05-27 · 28 CVEs total
| CVE-2026-36044 | 8.8 HIGH | Pensar Apex 安全漏洞 |
| CVE-2026-4390 | 5.4 MEDIUM | TeamSpeak 3 Server Connection State Management process_resend_queue use after free |
| CVE-2026-4392 | 5.3 MEDIUM | TeamSpeak 3 Server clientek Handshake assertion |
| CVE-2026-4391 | 5.3 MEDIUM | TeamSpeak 3 Server ECC Key heap-based overflow |
| CVE-2026-38945 | RayVentory Scan Engine 安全漏洞 | |
| CVE-2026-33552 | Northern.tech Mender Enterprise Server 安全漏洞 | |
| CVE-2026-49009 | Northern.tech Mender Server 安全漏洞 | |
| CVE-2025-69600 | RayVentory Scan Engine 安全漏洞 | |
| CVE-2025-67903 | Northern.tech Mender Client 安全漏洞 | |
| CVE-2026-38808 | uzy-ssm-mall 安全漏洞 | |
| CVE-2026-38807 | kvf-admin 安全漏洞 | |
| CVE-2025-70116 | GPAC MP4Box 安全漏洞 | |
| CVE-2025-68712 | Spsoft APPLOCK 安全漏洞 | |
| CVE-2026-38930 | OpenRapid RapidCMS 安全漏洞 | |
| CVE-2026-38931 | SimplePHP 安全漏洞 | |
| CVE-2026-36540 | Netis AC1200 安全漏洞 | |
| CVE-2025-70103 | libjxl 安全漏洞 | |
| CVE-2026-30498 | AdminPanel 安全漏洞 | |
| CVE-2026-31266 | Craft CMS 安全漏洞 | |
| CVE-2026-37711 | Dolibarr ERP/CRM 安全漏洞 |
Showing top 20 of 28 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2026-38426
No comments yet