ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg_parse_dqt_marker() in components/esp_driver_jpeg/jpeg_parse_marker.c because the attacker-controlled DQT marker Tq nibble is used as an index into the qt_tbl array without validating that it is in the range 0..3, allowing malformed JPEG input to corrupt stack memory and reliably trigger a denial of service. This issue is fixed in version 6.0.2 and is expected to be fixed in versions 5.5.5, 5.4.5, and 5.3.6.
CVE-2026-55687
This high-severity CVE scores 7.5 under a secondary CVSS source (NVD's own analysis pending). EPSS exploit probability: 0.4%, top 69% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
- High severity, but no confirmed exploitation yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 7.5
- EG Score
- 7.5(medium)
- EPSS
- 30.6%
- KEV
- Not listed
Published
July 10, 2026
Last Modified
July 10, 2026
Advisory Details (7)
Auto-updated Jul 10, 2026Stack-Based Out-of-Bounds Write in JPEG Decoder DQT Marker Parsing · Advisory · espressif/esp-idf · GitHub
https://github.com/espressif/esp-idf/security/advisories/GHSA-v6r2-f6p2-88cjESP-IDF Release v6.0.2
Patch available: espressif/esp-idf v6.0.2
https://github.com/espressif/esp-idf/releases/tag/v6.0.2commit f2df45bcedef (espressif/esp-idf)
Fix landed in espressif/esp-idf commit f2df45bcedef — awaiting tagged release
https://github.com/espressif/esp-idf/commit/f2df45bcedef11354e83c31a9718d680a68422c4commit 82c5c2dad453 (espressif/esp-idf)
Fix landed in espressif/esp-idf commit 82c5c2dad453 — awaiting tagged release
https://github.com/espressif/esp-idf/commit/82c5c2dad45313786fb7e973059bc9094d95c3b2commit 7ccfc00f39fa (espressif/esp-idf)
Fix landed in espressif/esp-idf commit 7ccfc00f39fa — awaiting tagged release
https://github.com/espressif/esp-idf/commit/7ccfc00f39faf1b7e5919f45b56fe44ba699d7c1commit 6ffafe8e9314 (espressif/esp-idf)
Fix landed in espressif/esp-idf commit 6ffafe8e9314 — awaiting tagged release
https://github.com/espressif/esp-idf/commit/6ffafe8e93142ef8ffe51a6311d4abfc0f10fe77commit 303c01305acb (espressif/esp-idf)
Fix landed in espressif/esp-idf commit 303c01305acb — awaiting tagged release
https://github.com/espressif/esp-idf/commit/303c01305acb8ae5c4eb24a1786300681b4822a4Weakness Classification(2)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Data Freshness Timeline
(refreshed 14× in last 7d / 14× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
- 2026-07-14 17:58 UTCEG score recompute
- 2026-07-14 05:47 UTCEG score recompute
- 2026-07-13 22:31 UTCEPSS rescore
- 2026-07-13 17:36 UTCEG score recompute
- 2026-07-13 06:13 UTCEPSS rescore
- 2026-07-13 06:13 UTCEPSS rescore
- 2026-07-13 05:25 UTCEG score recompute
- 2026-07-12 17:15 UTCEG score recompute
- 2026-07-12 05:46 UTCEPSS rescore
- 2026-07-12 05:04 UTCEG score recompute
- 2026-07-11 16:54 UTCEG score recompute
- 2026-07-11 04:44 UTCEG score recompute
- 2026-07-10 16:34 UTCEG score recompute
- 2026-07-10 16:32 UTCMITRE cvelistV5first tracked
Related CVEs(same CWE)
Same CWE
10 shownCWE-121 · CWE-787
Frequently asked(5)
What is CVE-2026-55687?
When was CVE-2026-55687 disclosed?
Is CVE-2026-55687 actively exploited?
What is the CVSS score of CVE-2026-55687?
How do I remediate CVE-2026-55687?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2026-55687
Is Your Infrastructure Affected by CVE-2026-55687?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.