CVE-2026-23833
Summary: CVE-2026-23833 affects ESPHome 2025.9.0–2025.12.6. A flaw in the API component’s protobuf decoder lets an attacker perform a denial-of-service by sending a large field_length, causing an overflow of the bounds check in components/api/proto.cpp (ptr + field_length > end). This can cras...