CVE-2026-23748 | Golioth Firmware SDK up to 0.21.x LightDB State String Parser memcpy payload_size integer underflow
A vulnerability labeled as problematic has been found in Golioth Firmware SDK up to 0.21.x. This issue affects the function memcpy of the component LightDB State String Parser. Manipulating the argument payload_size can lead to an integer underflow.
This vulnerability is tracked as CVE-2026-23748. The attack can be launched remotely. No exploit exists.
The affected component should be upgraded.