Buffer Overflow Vulnerability in SWM341 CAN Handler by RT-Thread
CVE-2026-14606
Key Information:
Badges
What is CVE-2026-14606?
A vulnerability has been identified in the RT-Thread SWM341 CAN Handler up to version 5.0.2, specifically in the CAN_Receive function found in the CMSIS DeviceSupport library. This flaw allows for a stack-based buffer overflow, which can be exploited locally to manipulate the application's execution flow. Publicly available exploit techniques may facilitate potential attacks, highlighting the importance of prompt mitigation and response. Despite early notification, the vendor has not addressed this issue, increasing risks for affected users.
Affected Version(s)
RT-Thread 5.0.0
RT-Thread 5.0.1
RT-Thread 5.0.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
