CVE-2026-1998

Summary

A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may be used. Patch name: 570744d06c5ba9dba59b4c3f432ca4f0abd396b6. It is suggested to install a patch to address this issue.

Affected Software

VendorProductVersion RangeStatus
n/amicropython1.0affected
n/amicropython1.1affected
n/amicropython1.2affected
n/amicropython1.3affected
n/amicropython1.4affected
n/amicropython1.5affected
n/amicropython1.6affected
n/amicropython1.7affected
n/amicropython1.8affected
n/amicropython1.9affected
n/amicropython1.10affected
n/amicropython1.11affected
n/amicropython1.12affected
n/amicropython1.13affected
n/amicropython1.14affected
n/amicropython1.15affected
n/amicropython1.16affected
n/amicropython1.17affected
n/amicropython1.18affected
n/amicropython1.19affected
n/amicropython1.20affected
n/amicropython1.21affected
n/amicropython1.22affected
n/amicropython1.23affected
n/amicropython1.24affected
n/amicropython1.25affected
n/amicropython1.26affected
n/amicropython1.27.0affected

Weaknesses

  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References