CVE-2026-28527
Received Received - Intake
Out-of-Bounds Read in BlueKitchen BTstack AVRCP Controller

Publication date: 2026-03-30

Last updated on: 2026-04-03

Assigner: VulnCheck

Description
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers that allows nearby attackers to read beyond packet boundaries. Attackers can establish a paired Bluetooth Classic connection and send specially crafted VENDOR_DEPENDENT responses to trigger out-of-bounds reads, causing information disclosure and potential crashes on affected devices.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-30
Last Modified
2026-04-03
Generated
2026-06-16
AI Q&A
2026-03-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-28527
EUVD
EUVD-2026-17087
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bluekitchen-gmbh btstack to 1.8.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows nearby attackers to read memory beyond packet boundaries, leading to information disclosure and potential crashes on affected devices.

Such information disclosure could potentially impact compliance with data protection regulations like GDPR or HIPAA if sensitive personal or health information is exposed through exploitation of this vulnerability.

However, the provided information does not specify the nature of the data exposed or whether it includes regulated personal or health data, so the exact compliance impact cannot be determined from the available context.

Executive Summary

CVE-2026-28527 is an out-of-bounds read vulnerability in BlueKitchen BTstack, specifically in the AVRCP Controller's GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers.

This flaw allows nearby attackers to read memory beyond the boundaries of packets by establishing a paired Bluetooth Classic connection and sending specially crafted VENDOR_DEPENDENT responses.

Exploiting this vulnerability can cause information disclosure and potentially crash affected devices.

Impact Analysis

This vulnerability can impact you by allowing attackers in close proximity to access memory beyond intended limits on your device through a paired Bluetooth Classic connection.

Such unauthorized memory reads can lead to information disclosure, potentially exposing sensitive data.

Additionally, exploiting this flaw may cause your device to crash, leading to denial of service or instability.

Mitigation Strategies

To mitigate this vulnerability, update BlueKitchen BTstack to version 1.8.1 or later, where the issue has been fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28527. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart