What is GHSA-cwmx-qwp4-jp5h?

GHSA-cwmx-qwp4-jp5h is a security advisory published by GitHub Security Advisories with High severity. An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote...

Which CVE IDs does GHSA-cwmx-qwp4-jp5h cover?

GHSA-cwmx-qwp4-jp5h covers the following CVE IDs: CVE-2026-38427. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-cwmx-qwp4-jp5h?

GHSA-cwmx-qwp4-jp5h has a CVSS v3 base score of 7.3, published by GitHub Security Advisories.

GHSA-cwmx-qwp4-jp5hHighCVSS 7.3

An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 27, 2026

🔗 CVE IDs covered (1)

CVE-2026-38427 →

📋 Description

An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16_t variable; values above 65535 wrap around, causing allocation of a smaller buffer than the data actually read.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-38427
https://github.com/arendst/Tasmota/blob/c207cc2/tasmota/tasmota_xdrv_driver/xdrv_10_scripter.ino
https://github.com/sermikr0/CVE-2026-38427
https://github.com/advisories/GHSA-cwmx-qwp4-jp5h