How serious is CVE-2026-23750?

This vulnerability has a CVSS score of 7.2 out of 10, classified as HIGH severity. No public exploit code has been identified yet.

Which products are affected by CVE-2026-23750?

Check the official CVE details for a complete list of affected products and versions.

How do I fix CVE-2026-23750?

To remediate CVE-2026-23750, check for security patches from the vendor. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-23750

High

|7.2

No Exploit

Plain English Summary

AI-powered analysis for quick understanding

An attacker can send specially crafted data to a vulnerable device, causing it to crash or potentially corrupt its memory, which could lead to unauthorized access or control. This requires the attacker to be within range of the device and able to communicate with it over Bluetooth.

Technical Description

Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write() allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when receiving the first fragment, then appends subsequent fragments using memcpy() without verifying that sufficient capacity remains. An adjacent BLE client can send unauthenticated fragments whose combined size exceeds the allocated buffer, causing a heap overflow and crash; integrity impact is also possible due to memory corruption.

CVSS Vector Analysis

Attack VectorAdjacent Network

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeChanged

Vector String

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$1,421($1K-$5K)

Vendor Response

Grade APatched in 0 days

Quick Information

Published

Feb 26, 2026

about 1 month ago

Last Modified

Feb 27, 2026

about 1 month ago