Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

arduino — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting arduino. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Arduino serves as an open-source electronics platform for creating interactive projects, widely used in prototyping and educational environments. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from insecure web interfaces and default credentials. While not a primary target for sophisticated attacks, its accessibility makes it susceptible to exploitation in IoT deployments. Notable incidents involve compromised devices being used in botnets or for unauthorized data collection. The platform's simplicity and widespread adoption present security challenges, particularly when deployed without proper hardening. Users must remain vigilant about potential vulnerabilities, especially in internet-connected implementations.

Top products by arduino: arduino-create-agent arduino-ide ArduinoCore-avr arduino-app-lab
CVE IDTitleCVSSSeverityPublished
CVE-2026-25933 Arduino App Lab has Improper Data Validation in Internal Terminal Interface — arduino-app-labCWE-78 6.9 Medium2026-02-12
CVE-2025-69209 ArduinoCore-avr has Stack-Based Buffer Overflow in WString Float/Double Constructors — ArduinoCore-avrCWE-120 9.8AICriticalAI2026-01-21
CVE-2025-64724 Arduino IDE for macOS has Insecure File Permissions — arduino-ideCWE-276 7.3AIHighAI2025-12-18
CVE-2025-64723 Arduino IDE for macOS has TCC Bypass via Dynamic Library Injection — arduino-ideCWE-276 8.0AIHighAI2025-12-18
CVE-2025-27608 Self Cross-Site Scripting in Arduino IDE — arduino-ideCWE-79 6.1AIMediumAI2025-04-02
CVE-2023-49296 Arduino Create Agent vulnerable to Reflected Cross-Site Scripting — arduino-create-agentCWE-79 6.3 Medium2023-12-13
CVE-2023-43800 Insufficient Verification of Data Authenticity in Arduino Create Agent — arduino-create-agentCWE-345 7.3 High2023-10-18
CVE-2023-43801 Path traversal in Arduino Create Agent — arduino-create-agentCWE-22 6.1 Medium2023-10-18
CVE-2023-43802 Path traversal in Arduino Create Agent — arduino-create-agentCWE-22 7.1 High2023-10-18
CVE-2023-43803 Path traversal in Arduino Create Agent — arduino-create-agentCWE-22 6.1 Medium2023-10-18

This page lists every published CVE security advisory associated with arduino. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.