8.1high
SecMateSECMATE-2026-0001
VendorTuya
Productarduino-TuyaOpen
VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
Reported
Feb 22, 2026
Acknowledged
Feb 25, 2026
Fixed
Feb 25, 2026
Published
Mar 12, 2026
Summary
A heap-based buffer overflow vulnerability exists in the DnsServer component of arduino-TuyaOpen versions prior to v1.2.1. An attacker on the same local area network (LAN) who controls the DNS server can exploit this vulnerability to conduct an overflow attack, potentially executing arbitrary code on any device running the affected firmware.