VYPR
Medium severity4.6NVD Advisory· Published Mar 30, 2026· Updated Apr 6, 2026

CVE-2026-28528

CVE-2026-28528

Description

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds checking on the attr_id parameter to cause crashes and corrupt attribute bitmap state.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:bluekitchen-gmbh:btstack:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:bluekitchen-gmbh:btstack:*:*:*:*:*:*:*:*range: <1.8.1
    • (no CPE)range: <1.8.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.