{"id":"CVE-2026-28521","details":"arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An attacker who hijacks or controls the Tuya cloud service can issue malicious DP event data to victim devices, causing out-of-bounds memory access that may result in information disclosure or a denial-of-service condition.","modified":"2026-04-12T20:14:02.809679Z","published":"2026-03-16T14:19:28.557Z","references":[{"type":"ADVISORY","url":"https://src.tuya.com/announcement/32"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/arduino-tuyaopen-tuyaiot-out-of-bounds-memory-read-information-disclosure"},{"type":"PACKAGE","url":"https://github.com/tuya/arduino-TuyaOpen"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tuya/arduino-TuyaOpen","events":[{"introduced":"0"},{"fixed":"1712806afe66fa2abe787ddf8cdb0e53f49ed96c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.2.1"}]}}],"versions":["0.0.2","0.0.3","0.0.4","1.0.0","1.0.1","1.0.2","1.0.3","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.1.9","1.2.0","global"],"database_specific":{"vanir_signatures":[{"target":{"function":"TuyaIoTCloudClass::uartAuthInit","file":"libraries/TuyaIoT/src/TuyaIoT.cpp"},"signature_type":"Function","id":"CVE-2026-28521-02e27cba","deprecated":false,"source":"https://github.com/tuya/arduino-TuyaOpen/commit/1712806afe66fa2abe787ddf8cdb0e53f49ed96c","signature_version":"v1","digest":{"function_hash":"228376957563261250250323542310764060167","length":141}},{"target":{"function":"tuya_app_main","file":"cores/tuya_open/tuya_app_main.c"},"signature_type":"Function","id":"CVE-2026-28521-272ccc2b","deprecated":false,"source":"https://github.com/tuya/arduino-TuyaOpen/commit/1712806afe66fa2abe787ddf8cdb0e53f49ed96c","signature_version":"v1","digest":{"function_hash":"35339061321589632932171406056722236442","length":241}},{"target":{"file":"cores/tuya_open/tuya_app_main.c"},"signature_type":"Line","id":"CVE-2026-28521-3436f91b","deprecated":false,"source":"https://github.com/tuya/arduino-TuyaOpen/commit/1712806afe66fa2abe787ddf8cdb0e53f49ed96c","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["111002027523529430165214499337533858255","321222107020963642537475106455708529566","114793625497611877257020758582591167117","85147159063347037920855839645972837721","122876489708497389863253870811302714898","186633455858800647837972764082670996163","260018632668019599036932807639221307533","243792348152715600219857031707048251536","131778133239169255758495386960328441692","258623905542365265942026793827399340622","290339756397933325316802769427471948747","211201213007954943571599682875827404419","136564073643278925125167076826882036317","40438577432183700989303279624905867037","111136637917233513941512870603071453355","161452998591767123238495747428234810561","221521972120789712207169709268343971758","311145983598839541522785901911962184078","112047612856236419077163716352223227658"]}},{"target":{"function":"ArduinoThread","file":"cores/tuya_open/tuya_app_main.c"},"signature_type":"Function","id":"CVE-2026-28521-41331859","deprecated":false,"source":"https://github.com/tuya/arduino-TuyaOpen/commit/1712806afe66fa2abe787ddf8cdb0e53f49ed96c","signature_version":"v1","digest":{"function_hash":"93408165737688110381178319758432194100","length":412}},{"target":{"function":"app_open_sdk_init","file":"cores/tuya_open/tuya_app_main.c"},"signature_type":"Function","id":"CVE-2026-28521-e49b156c","deprecated":false,"source":"https://github.com/tuya/arduino-TuyaOpen/commit/1712806afe66fa2abe787ddf8cdb0e53f49ed96c","signature_version":"v1","digest":{"function_hash":"339681762992278317836038670379132180264","length":624}},{"target":{"file":"libraries/TuyaIoT/src/TuyaIoT.cpp"},"signature_type":"Line","id":"CVE-2026-28521-e6910c1c","deprecated":false,"source":"https://github.com/tuya/arduino-TuyaOpen/commit/1712806afe66fa2abe787ddf8cdb0e53f49ed96c","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["194359451344183338622208622591928545213","154701627822890261176436257489988882276","127340910170432909922303014673800644066","314551761760421513250537235208057793214","297198778696204573490905265517791861921","205079730317756643793406493237618454423","216200924144760417129861083690758779699","299086485031529851372843085194420344056"]}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-28521.json","vanir_signatures_modified":"2026-04-12T20:14:02Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}