CVE-2026-28528

MEDIUM

BlueKitchen BTstack < 1.8.1 AVRCP Browsing Target GET_FOLDER_ITEMS Handler OOB Read / Undefined Behavior

Title source: cna
STIX 2.1

Description

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds checking on the attr_id parameter to cause crashes and corrupt attribute bitmap state.

References (2)

Scores

CVSS v3 4.6
EPSS 0.0001
EPSS Percentile 3.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-125 CWE-758
Status published
Products (2)
BlueKitchen GmbH/BTstack < 1.8.1
bluekitchen-gmbh/btstack < 1.8.1
Published Mar 30, 2026
Tracked Since Mar 30, 2026