CVE-2026-28527
Received Received - Intake

Out-of-Bounds Read in BlueKitchen BTstack AVRCP Controller

Vulnerability report for CVE-2026-28527, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-30

Last updated on: 2026-04-03

Assigner: VulnCheck

Description

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers that allows nearby attackers to read beyond packet boundaries. Attackers can establish a paired Bluetooth Classic connection and send specially crafted VENDOR_DEPENDENT responses to trigger out-of-bounds reads, causing information disclosure and potential crashes on affected devices.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-30
Last Modified
2026-04-03
Generated
2026-07-06
AI Q&A
2026-03-30
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
bluekitchen-gmbh btstack to 1.8.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-28527 is an out-of-bounds read vulnerability in BlueKitchen BTstack, specifically in the AVRCP Controller's GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers.

This flaw allows nearby attackers to read memory beyond the boundaries of packets by establishing a paired Bluetooth Classic connection and sending specially crafted VENDOR_DEPENDENT responses.

Exploiting this vulnerability can cause information disclosure and potentially crash affected devices.

Compliance Impact

The vulnerability allows nearby attackers to read memory beyond packet boundaries, leading to information disclosure and potential crashes on affected devices.

Such information disclosure could potentially impact compliance with data protection regulations like GDPR or HIPAA if sensitive personal or health information is exposed through exploitation of this vulnerability.

However, the provided information does not specify the nature of the data exposed or whether it includes regulated personal or health data, so the exact compliance impact cannot be determined from the available context.

Impact Analysis

This vulnerability can impact you by allowing attackers in close proximity to access memory beyond intended limits on your device through a paired Bluetooth Classic connection.

Such unauthorized memory reads can lead to information disclosure, potentially exposing sensitive data.

Additionally, exploiting this flaw may cause your device to crash, leading to denial of service or instability.

Mitigation Strategies

To mitigate this vulnerability, update BlueKitchen BTstack to version 1.8.1 or later, where the issue has been fixed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28527. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart