CVE-2026-28519

Source
https://cve.org/CVERecord?id=CVE-2026-28519
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-28519.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-28519
Published
2026-03-15T13:36:47.991Z
Modified
2026-07-08T08:06:45.837185727Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
arduino-TuyaOpen DnsServer Heap-Based Buffer Overflow Remote Code Execution
Details

arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrary code on affected embedded devices.

Database specific
{
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-122"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/28xxx/CVE-2026-28519.json"
}
References

Affected packages

Git / github.com/tuya/arduino-tuyaopen

Affected ranges

Type
GIT
Repo
https://github.com/tuya/arduino-tuyaopen
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.2.1"
        }
    ],
    "cpe": "cpe:2.3:a:tuya:arduino-tuyaopen:*:*:*:*:*:*:*:*"
}

Affected versions

0.*
0.0.2
0.0.3
0.0.4
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.2.0
Other
global

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-28519.json"