A vulnerability was found in RT-Thread up to 5.0.2 and classified as critical. This affects the function
sys_getaddrinfo of the file components/lwp/lwp_syscall.c. Executing a manipulation of the argument ai_addr can lead to memory corruption.
The identification of this vulnerability is CVE-2026-14607. The attack can only be executed locally. Furthermore, there is an exploit available.
The pull request to fix this issue awaits acceptance.