CVE-2026-28519
Awaiting Analysis Awaiting Analysis - Queue
Heap-Based Buffer Overflow in arduino-TuyaOpen DnsServer Enables Code Execution

Publication date: 2026-03-16

Last updated on: 2026-03-17

Assigner: VulnCheck

Description
arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrary code on affected embedded devices.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-03-17
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-28519
EUVD
EUVD-2026-12226
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tuya arduino-tuyaopen to 1.2.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, you should update the arduino-TuyaOpen software to version 1.2.1 or later, where the heap-based buffer overflow issue in the DnsServer component has been fixed.

Additionally, since the vulnerability requires an attacker to be on the same local area network controlling the LAN DNS server, you should ensure your LAN DNS servers are secure and trusted to prevent malicious DNS responses.

Executive Summary

CVE-2026-28519 is a high-severity heap-based buffer overflow vulnerability found in the DnsServer component of arduino-TuyaOpen versions prior to 1.2.1.

An attacker on the same local area network (LAN) who controls the LAN DNS server can send malicious DNS responses that overflow the heap buffer.

This overflow can potentially allow the attacker to execute arbitrary code on affected embedded devices.

Impact Analysis

This vulnerability can lead to remote code execution on affected embedded devices running arduino-TuyaOpen versions prior to 1.2.1.

An attacker with access to the same LAN and control over the LAN DNS server can exploit this flaw without requiring privileges or user interaction.

Successful exploitation can compromise the confidentiality, integrity, and availability of the device, potentially allowing the attacker to take full control.

Compliance Impact

I don't know

Detection Guidance

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28519. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart