CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-27703

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and earlier, the default handler for the well_known_core resource coap_well_known_core_default_handler writes user-provided option data and other data into a fixed size buffer without validating the buffer is large enough to contain the response. This vulnerability allows an attacker to corrupt neighboring stack location, including security-sensitive addresses like the return address, leading to denial of service or arbitrary code execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.4%

CVSS Severity

CVSS v3 Score 7.5

References

https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-qgj4-9jff-93cj

Products affected by CVE-2026-27703

Riot-Os » Riot » Version: 2013.08

cpe:2.3:o:riot-os:riot:2013.08
Riot-Os » Riot » Version: 2014.01

cpe:2.3:o:riot-os:riot:2014.01
Riot-Os » Riot » Version: 2014.05

cpe:2.3:o:riot-os:riot:2014.05
Riot-Os » Riot » Version: 2014.12

cpe:2.3:o:riot-os:riot:2014.12
Riot-Os » Riot » Version: 2015.09

cpe:2.3:o:riot-os:riot:2015.09
Riot-Os » Riot » Version: 2015.12

cpe:2.3:o:riot-os:riot:2015.12
Riot-Os » Riot » Version: 2016.04

cpe:2.3:o:riot-os:riot:2016.04
Riot-Os » Riot » Version: 2016.07

cpe:2.3:o:riot-os:riot:2016.07
Riot-Os » Riot » Version: 2016.10

cpe:2.3:o:riot-os:riot:2016.10
Riot-Os » Riot » Version: 2017.01

cpe:2.3:o:riot-os:riot:2017.01
Riot-Os » Riot » Version: 2017.04

cpe:2.3:o:riot-os:riot:2017.04
Riot-Os » Riot » Version: 2017.07

cpe:2.3:o:riot-os:riot:2017.07
Riot-Os » Riot » Version: 2017.10

cpe:2.3:o:riot-os:riot:2017.10
Riot-Os » Riot » Version: 2018.01

cpe:2.3:o:riot-os:riot:2018.01
Riot-Os » Riot » Version: 2018.04

cpe:2.3:o:riot-os:riot:2018.04
Riot-Os » Riot » Version: 2018.07

cpe:2.3:o:riot-os:riot:2018.07
Riot-Os » Riot » Version: 2018.10

cpe:2.3:o:riot-os:riot:2018.10
Riot-Os » Riot » Version: 2018.10.1

cpe:2.3:o:riot-os:riot:2018.10.1
Riot-Os » Riot » Version: 2019.01

cpe:2.3:o:riot-os:riot:2019.01
Riot-Os » Riot » Version: 2019.04

cpe:2.3:o:riot-os:riot:2019.04
Riot-Os » Riot » Version: 2019.07

cpe:2.3:o:riot-os:riot:2019.07
Riot-Os » Riot » Version: 2019.10

cpe:2.3:o:riot-os:riot:2019.10
Riot-Os » Riot » Version: 2020.01

cpe:2.3:o:riot-os:riot:2020.01
Riot-Os » Riot » Version: 2020.01.1

cpe:2.3:o:riot-os:riot:2020.01.1
Riot-Os » Riot » Version: 2020.04

cpe:2.3:o:riot-os:riot:2020.04
Riot-Os » Riot » Version: 2021.01

cpe:2.3:o:riot-os:riot:2021.01
Riot-Os » Riot » Version: 2021.04

cpe:2.3:o:riot-os:riot:2021.04
Riot-Os » Riot » Version: 2021.07

cpe:2.3:o:riot-os:riot:2021.07
Riot-Os » Riot » Version: 2021.10

cpe:2.3:o:riot-os:riot:2021.10
Riot-Os » Riot » Version: 2022.01

cpe:2.3:o:riot-os:riot:2022.01
Riot-Os » Riot » Version: 2022.04

cpe:2.3:o:riot-os:riot:2022.04
Riot-Os » Riot » Version: 2022.07

cpe:2.3:o:riot-os:riot:2022.07
Riot-Os » Riot » Version: 2022.10

cpe:2.3:o:riot-os:riot:2022.10
Riot-Os » Riot » Version: 2023.01

cpe:2.3:o:riot-os:riot:2023.01
Riot-Os » Riot » Version: 2023.04

cpe:2.3:o:riot-os:riot:2023.04
Riot-Os » Riot » Version: 2023.07

cpe:2.3:o:riot-os:riot:2023.07
Riot-Os » Riot » Version: 2023.10

cpe:2.3:o:riot-os:riot:2023.10
Riot-Os » Riot » Version: 2024.01

cpe:2.3:o:riot-os:riot:2024.01
Riot-Os » Riot » Version: 2024.04

cpe:2.3:o:riot-os:riot:2024.04
Riot-Os » Riot » Version: 2024.07

cpe:2.3:o:riot-os:riot:2024.07
Riot-Os » Riot » Version: 2024.10

cpe:2.3:o:riot-os:riot:2024.10
Riot-Os » Riot » Version: 2025.01

cpe:2.3:o:riot-os:riot:2025.01
Riot-Os » Riot » Version: 2025.04

cpe:2.3:o:riot-os:riot:2025.04
Riot-Os » Riot » Version: 2025.07

cpe:2.3:o:riot-os:riot:2025.07
Riot-Os » Riot » Version: 2025.10

cpe:2.3:o:riot-os:riot:2025.10
Riot-Os » Riot » Version: 2026.01

cpe:2.3:o:riot-os:riot:2026.01

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-27703

Products

Pricing

Contact Us