CVE-2026-45542 | espressif esp-idf up to 6.0 Protocomm security2.c handle_session_command0 heap-based overflow (GHSA-9r76-858f-v6jh)
A vulnerability classified as critical has been found in espressif esp-idf 5.2.6/5.3.5/5.4.4/5.5.4/6.0. Affected by this issue is the function handle_session_command0 of the file components/protocomm/src/security/security2.c of the component Protocomm. The manipulation leads to heap-based buffer overflow.
This vulnerability is tracked as CVE-2026-45542. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.