What is CVE-2026-41429?

CVE-2026-41429 is a high-severity vulnerability in Espressif Arduino-esp32, classified under Stack-based Buffer Overflow. CVSS score: 8.8/10. Published 2026-04-24.

How severe is CVE-2026-41429?

High severity. CVSS v3 base score is 8.8 out of 10.

Buffer overflow in Espressif Arduino-esp32

CVE-2026-41429

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is e…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (5.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Espressif Arduino-esp32 — versions < 3.3.8
Espressif Esp32
Espressif Esp32-c3
Espressif Esp32-c6
Espressif Esp32-h2
Espressif Esp32-s2
Espressif Esp32-s3

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

References

https://github.com/espressif/arduino-esp32/security/advisories/GHSA-92j9-c75g-2c5f (x_refsource_CONFIRM, Exploit, Vendor Advisory)

Frequently asked questions

What is CVE-2026-41429?: CVE-2026-41429 is a high-severity vulnerability in Espressif Arduino-esp32, classified under Stack-based Buffer Overflow. CVSS score: 8.8/10. Published 2026-04-24.
How severe is CVE-2026-41429?: High severity. CVSS v3 base score is 8.8 out of 10.