CVE-2026-28519 · HIGH 8.8 · EPSS p31.2%


Description

arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrary code on affected embedded devices.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.40% probability of exploitation · percentile 31.2% · 2026-06-19T12:03:05Z
Published: 2026-03-16
Last modified: 2026-03-17

Underlying weaknesses · 1

CWE-122

References

  1. https://github.com/tuya/arduino-TuyaOpen
  2. https://src.tuya.com/announcement/32
  3. https://www.vulncheck.com/advisories/arduino-tuyaopen-dnsserver-heap-based-buffer-overflow-remote-code-execution


Type: Weakness
Target: Heap-based Buffer Overflow (cwe-122)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-28520
  2. CVE-2025-45865
  3. CVE-2025-8170
  4. CVE-2026-29004
  5. CVE-2025-61983
  6. CVE-2025-58077

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.