Browse all 4 CVE security advisories affecting Golioth. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Golioth is an IoT device management platform enabling remote monitoring and control of connected devices. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure authentication mechanisms. The platform has faced security incidents, including four publicly disclosed CVEs, highlighting risks in its web interface and device communication protocols. Security researchers have identified weaknesses in firmware update processes and default configurations that could allow unauthorized access. While Golioth provides device management capabilities, its historical vulnerability profile suggests organizations should implement additional security controls and regular patching to mitigate potential exploitation risks.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-23750 | Golioth Pouch < [INSERT FIXED VERSION] BLE GATT Heap-based Buffer Overflow | Pouch | CWE-122 | 8.1 | High | 2026-02-26 |
| CVE-2026-23749 | Golioth Firmware SDK < 0.22.0 Blockwise Transfer Path Out-of-Bounds Read | Firmware SDK | CWE-170 | 2.9 | Low | 2026-02-26 |
| CVE-2026-23748 | Golioth Firmware SDK < 0.22.0 LightDB State Out-of-Bounds Read | Firmware SDK | CWE-191 | 3.7 | Low | 2026-02-26 |
| CVE-2026-23747 | Golioth Firmware SDK < 0.22.0 Payload Utils Stack-based Buffer Overflow | Firmware SDK | CWE-121 | 3.7 | Low | 2026-02-26 |
This page lists every published CVE security advisory associated with Golioth. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.