Vulnerability DatabaseCVE-2026-46532
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-46532
Published:June 10, 2026
Updated:June 28, 2026
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser (avrc_pars_vendor_cmd() in components/bt/host/bluedroid/stack/avrc/avrc_pars_tg.c). This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.4, and 6.0.1.
Affected Packages
https://github.com/espressif/esp-idf.git (GITHUB):
Affected version(s) =v6.0 <v6.0.1
Fix Suggestion:
Update to version v6.0.1
Related Resources (7)
https://github.com/espressif/esp-idf/commit/8746e5f7e762ead84d2902edec34d84cdd701b2b
https://github.com/espressif/esp-idf/commit/c53d05ae526607ca5eae9ffedaf57775eec33a4f
https://github.com/espressif/esp-idf/commit/b0959b5ab1dc60398a916c80f14b1816780c801e
https://github.com/espressif/esp-idf/commit/60f9362f83a05942069532f357c234cd5e5d4302
https://github.com/espressif/esp-idf/commit/7c004d3fe3022f5f0db98dd1b2d0648a3a9cfb3f
https://github.com/espressif/esp-idf/commit/56053c4d1f37955ccf296cf2f6dfd0f7ebd4fae6
https://github.com/espressif/esp-idf/security/advisories/GHSA-3pp8-42fh-3j3c
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.1
Attack Vector
ADJACENT
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.6
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
LOW
Weakness Type (CWE)
Out-of-bounds Read
CWE-125
EPSS
Base Score:
0.23