NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-26399

Summary	A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the function returns, interrupt service routines may dereference this dangling pointer, resulting in memory corruption.
Publication Date	April 21, 2026, 3:16 a.m.
Registration Date	April 21, 2026, 4:09 a.m.
Last Update	April 21, 2026, 3:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/Acen28/CVE-2026-26399-Disclosure	cve@mitre.org
2	https://github.com/stm32duino/Arduino_Core_STM32/releases/tag/1.6.1	cve@mitre.org

Common Vulnerabilities List