What is CVE-2026-27703?

CVE-2026-27703 is a high-severity vulnerability in Riot-os Riot, classified under Out-of-bounds Write. CVSS score: 7.5/10. Published 2026-03-11.

How severe is CVE-2026-27703?

High severity. CVSS v3 base score is 7.5 out of 10.

Buffer overflow in Riot-os Riot

CVE-2026-27703

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and earlier, the default handler for the well_known_core resource coap_w…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (26.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Riot-os Riot — versions <= 2026.01

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-qgj4-9jff-93cj (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-27703?: CVE-2026-27703 is a high-severity vulnerability in Riot-os Riot, classified under Out-of-bounds Write. CVSS score: 7.5/10. Published 2026-03-11.
How severe is CVE-2026-27703?: High severity. CVSS v3 base score is 7.5 out of 10.