Description
flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function.
Published: 2026-05-01
Score: 8.4 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack overflow in the "Main" function of Flipper Zero firmware. This flaw allows an attacker with sufficient input control to overwrite the stack, potentially leading to a crash or arbitrary code execution. The weakness is classified as a stack-based buffer overflow (CWE-121).

Affected Systems

The affected product is Flipper Zero firmware, specifically the codebase identified by commit ad2a80. No exact version or release information is available; the issue exists wherever that commit is present in the firmware.

Risk and Exploitability

The CVSS score is 8.4, and the EPSS score is unavailable, making it hard to gauge the overall risk quantitatively. The vulnerability is not listed in CISA KEV. The likely attack vector is local or device-facing input that triggers the overflow; it is uncertain whether remote exploitation is achievable without additional steps. The presence of a stack overflow suggests that, if exploitable, the risk could be high, potentially allowing arbitrary code execution. However, without further evidence of a usable exploit, the threat remains theoretical.

Generated by OpenCVE AI on May 2, 2026 at 07:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the official Flipper Devices website for firmware updates that address the stack overflow vulnerability.
  • Avoid using or uploading firmware containing the problematic commit until a fix is available.
  • If possible, prevent the device from processing untrusted input that could trigger the stack overflow, such as disabling or restricting any external data interfaces.
  • Coordinate with the vendor to receive a patch or official acknowledgement of the vulnerability.

Advisories

No advisories yet.

History

Sat, 02 May 2026 08:15:00 +0000

Type | Values Removed | Values Added
Title | | Stack Overflow in Main Function of Flipper Zero Firmware

Fri, 01 May 2026 21:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-121
Metrics | | cvssV3_1: {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 01 May 2026 19:15:00 +0000

Type | Values Removed | Values Added
Description | | flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-01T20:29:31.302Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30363

Vulnrichment

Updated: 2026-05-01T20:27:51.723Z

NVD

Status: Received

Published: 2026-05-01T19:16:29.807

Modified: 2026-05-01T21:16:16.490

Link: CVE-2026-30363

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T08:00:14Z

Weaknesses