A vulnerability has been found in RT-Thread up to 5.0.2 and classified as critical. Affected by this issue is the function
CAN_Receive in the library bsp/synwit/libraries/SWM341_CSL/CMSIS/DeviceSupport/SWM341.h of the component SWM341 CAN Handler. Performing a manipulation results in stack-based buffer overflow.
This vulnerability was named CVE-2026-14606. The attack needs to be approached locally. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.