CVE-2026-28528
Received Received - Intake
Out-of-Bounds Read in BlueKitchen BTstack AVRCP Causes Crashes

Publication date: 2026-03-30

Last updated on: 2026-04-06

Assigner: VulnCheck

Description
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds checking on the attr_id parameter to cause crashes and corrupt attribute bitmap state.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-30
Last Modified
2026-04-06
Generated
2026-06-16
AI Q&A
2026-03-30
EPSS Evaluated
2026-06-14
NVD
CVE-2026-28528
EUVD
EUVD-2026-17089
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bluekitchen-gmbh btstack to 1.8.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-758 The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-28528 is an out-of-bounds read vulnerability in BlueKitchen BTstack's AVRCP Browsing Target GET_FOLDER_ITEMS handler. The issue occurs because the software does not properly validate packet boundaries and attribute count data, specifically failing to check the attr_id parameter correctly.

An attacker who has a paired Bluetooth Classic connection can exploit this flaw to cause crashes and corrupt the attribute bitmap state, potentially leading to undefined or unexpected behavior in the affected system.

Impact Analysis

This vulnerability can be exploited by an attacker with a paired Bluetooth Classic connection to cause crashes and corrupt internal attribute data. This can lead to instability or denial of service in the affected device or application.

The impact affects the integrity and availability of the system, meaning that data could be corrupted and the system could become unavailable or unreliable during exploitation.

Detection Guidance

This vulnerability involves an out-of-bounds read in the AVRCP Browsing Target GET_FOLDER_ITEMS handler of BlueKitchen BTstack, exploitable via a paired Bluetooth Classic connection. Detection would require monitoring Bluetooth Classic connections and specifically inspecting AVRCP GET_FOLDER_ITEMS requests for malformed attr_id parameters that exceed expected bounds.

No specific detection commands or tools are provided in the available resources. However, network or system administrators could consider using Bluetooth protocol analyzers or packet capture tools to monitor AVRCP traffic and look for irregularities in GET_FOLDER_ITEMS requests.

Mitigation Strategies

The primary mitigation step is to update BlueKitchen BTstack to version 1.8.1 or later, where this out-of-bounds read vulnerability has been addressed.

Additionally, limiting or disabling Bluetooth Classic connections where possible, especially from untrusted devices, can reduce the risk of exploitation.

Monitoring paired devices and restricting user interaction with unknown Bluetooth devices can also help mitigate potential attacks.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28528. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart