A vulnerability was found in RT-Thread up to 5.0.2 and classified as critical. This affects the function sys_getaddrinfo of the file components/lwp/lwp_syscall.c. Executing a manipulation of the argument ai_addr can lead to memory corruption.

The identification of this vulnerability is CVE-2026-14607. The attack can only be executed locally. Furthermore, there is an exploit available.

The pull request to fix this issue awaits acceptance.