{"id":"CVE-2026-28519","details":"arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrary code on affected embedded devices.","modified":"2026-04-12T20:14:03.473581Z","published":"2026-03-16T14:19:28.127Z","references":[{"type":"ADVISORY","url":"https://src.tuya.com/announcement/32"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/arduino-tuyaopen-dnsserver-heap-based-buffer-overflow-remote-code-execution"},{"type":"PACKAGE","url":"https://github.com/tuya/arduino-TuyaOpen"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tuya/arduino-TuyaOpen","events":[{"introduced":"0"},{"fixed":"1712806afe66fa2abe787ddf8cdb0e53f49ed96c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.2.1"}]}}],"versions":["0.0.2","0.0.3","0.0.4","1.0.0","1.0.1","1.0.2","1.0.3","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.1.9","1.2.0","global"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","source":"https://github.com/tuya/arduino-TuyaOpen/commit/1712806afe66fa2abe787ddf8cdb0e53f49ed96c","id":"CVE-2026-28519-02e27cba","digest":{"function_hash":"228376957563261250250323542310764060167","length":141},"deprecated":false,"target":{"file":"libraries/TuyaIoT/src/TuyaIoT.cpp","function":"TuyaIoTCloudClass::uartAuthInit"},"signature_type":"Function"},{"signature_version":"v1","source":"https://github.com/tuya/arduino-TuyaOpen/commit/1712806afe66fa2abe787ddf8cdb0e53f49ed96c","id":"CVE-2026-28519-272ccc2b","digest":{"function_hash":"35339061321589632932171406056722236442","length":241},"deprecated":false,"target":{"file":"cores/tuya_open/tuya_app_main.c","function":"tuya_app_main"},"signature_type":"Function"},{"signature_version":"v1","source":"https://github.com/tuya/arduino-TuyaOpen/commit/1712806afe66fa2abe787ddf8cdb0e53f49ed96c","id":"CVE-2026-28519-3436f91b","digest":{"line_hashes":["111002027523529430165214499337533858255","321222107020963642537475106455708529566","114793625497611877257020758582591167117","85147159063347037920855839645972837721","122876489708497389863253870811302714898","186633455858800647837972764082670996163","260018632668019599036932807639221307533","243792348152715600219857031707048251536","131778133239169255758495386960328441692","258623905542365265942026793827399340622","290339756397933325316802769427471948747","211201213007954943571599682875827404419","136564073643278925125167076826882036317","40438577432183700989303279624905867037","111136637917233513941512870603071453355","161452998591767123238495747428234810561","221521972120789712207169709268343971758","311145983598839541522785901911962184078","112047612856236419077163716352223227658"],"threshold":0.9},"deprecated":false,"target":{"file":"cores/tuya_open/tuya_app_main.c"},"signature_type":"Line"},{"signature_version":"v1","source":"https://github.com/tuya/arduino-TuyaOpen/commit/1712806afe66fa2abe787ddf8cdb0e53f49ed96c","id":"CVE-2026-28519-41331859","digest":{"function_hash":"93408165737688110381178319758432194100","length":412},"deprecated":false,"target":{"file":"cores/tuya_open/tuya_app_main.c","function":"ArduinoThread"},"signature_type":"Function"},{"signature_version":"v1","source":"https://github.com/tuya/arduino-TuyaOpen/commit/1712806afe66fa2abe787ddf8cdb0e53f49ed96c","id":"CVE-2026-28519-e49b156c","digest":{"function_hash":"339681762992278317836038670379132180264","length":624},"deprecated":false,"target":{"file":"cores/tuya_open/tuya_app_main.c","function":"app_open_sdk_init"},"signature_type":"Function"},{"signature_version":"v1","source":"https://github.com/tuya/arduino-TuyaOpen/commit/1712806afe66fa2abe787ddf8cdb0e53f49ed96c","id":"CVE-2026-28519-e6910c1c","digest":{"line_hashes":["194359451344183338622208622591928545213","154701627822890261176436257489988882276","127340910170432909922303014673800644066","314551761760421513250537235208057793214","297198778696204573490905265517791861921","205079730317756643793406493237618454423","216200924144760417129861083690758779699","299086485031529851372843085194420344056"],"threshold":0.9},"deprecated":false,"target":{"file":"libraries/TuyaIoT/src/TuyaIoT.cpp"},"signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-28519.json","vanir_signatures_modified":"2026-04-12T20:14:03Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}