E

Espressif Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Espressif products.

3 known CVE vulnerabilities tracked

Critical
0
High
3
Medium
0
Low
0
None
0

Vulnerabilities By Year

2
2025
1
2026

Products Affected

Esp-Idf 2 Arduino-Esp32 1

All Espressif CVEs

Recent Highest Score Oldest
CVE-2026-42855
7.5 high

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header, witho

Arduino-Esp32 May 12, 2026
CVE-2025-68474
7.6 high

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrc_vendor_msg() function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRC_MIN_CMD_LEN (20 bytes). However, the actual

Esp-Idf Dec 27, 2025
CVE-2025-68473
8.6 high

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack (BlueDroid), the function bta_dm_sdp_result() used a fixed-size array uuid_list[32][MAX_UUID_SIZE] to store discovered service UUID

Esp-Idf Dec 27, 2025