CVE-2026-25507 | Espressif ESP-IDF 5.1.6/5.2.6/5.3.4/5.4.3/5.5.2 GATT Service protocomm_ble use after free (GHSA-h7r3-gmg9-xjmg)

Inserito da Angelo Barbosa | Feb 4, 2026 | CVE

A vulnerability described as critical has been identified in Espressif ESP-IDF 5.1.6/5.2.6/5.3.4/5.4.3/5.5.2. The impacted element is the function protocomm_ble of the component GATT Service. Such manipulation leads to use after free.

This vulnerability is traded as CVE-2026-25507. Access to the local network is required for this attack to succeed. There is no exploit available.

Upgrading the affected component is recommended.

CVE-2026-25507 | Espressif ESP-IDF 5.1.6/5.2.6/5.3.4/5.4.3/5.5.2 GATT Service protocomm_ble use after free (GHSA-h7r3-gmg9-xjmg)

Post correlati

CVE-2024-20314 | Cisco IOS XE up to 17.12.1w SD-Access Fabric Edge Node operator precedence logic error (cisco-sa-ios-xe-sda-edge-dos-qZWuWXWG)

CVE-2024-34095 | Adobe Acrobat Reader up to 20.005.30574/24.002.20736 use after free (apsb24-29)

CVE-2024-52917 | Bitcoin Core up to 21.x on MiniUPnP infinite loop

CVE-2024-12717 | Aklamator INfeed Plugin up to 2.0.0 on WordPress Setting cross site scripting