CVE-2026-28526
BlueKitchen BTstack prior to 1.8.1 contains an out-of-bounds read in the AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES and LIST_PLAYER_APPLICATION_SETTING_VALUES handlers. An adjacent attacker with a paired Bluetooth Classic connection can send a crafted VENDOR_DEPENDENT response wi...