High severity8.1NVD Advisory· Published Feb 26, 2026· Updated Apr 15, 2026

CVE-2026-23750

Description

Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write() allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when receiving the first fragment, then appends subsequent fragments using memcpy() without verifying that sufficient capacity remains. An adjacent BLE client can send unauthenticated fragments whose combined size exceeds the allocated buffer, causing a heap overflow and crash; integrity impact is also possible due to memory corruption.

Affected products

Golioth/Pouchreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.secmate.dev/posts/golioth-vulnerabilities-disclosure/nvd
github.com/golioth/pouch/commit/1b2219a1nvd
secmate.dev/disclosures/SECMATE-2025-0018nvd
www.vulncheck.com/advisories/golioth-pouch-ble-gatt-heap-based-buffer-overflownvd

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000