CVE-2026-46532 | espressif esp-idf up to 6.0 BlueDroid AVRCP vendor-command Parser avrc_pars_tg.c avrc_pars_vendor_cmd out-of-bounds (GHSA-3pp8-42fh-3j3c)
A vulnerability classified as critical was found in espressif esp-idf 5.2.6/5.3.5/5.4.4/5.5.3/6.0. This affects the function avrc_pars_vendor_cmd of the file components/bt/host/bluedroid/stack/avrc/avrc_pars_tg.c of the component BlueDroid AVRCP vendor-command Parser. The manipulation results in an out-of-bounds read.
This vulnerability is known as CVE-2026-46532. Access to the local network is required for this attack. No exploit is available.
Upgrading the affected component is advised.