4 matches found
CVE-2026-25139
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds reads allow any unauthenticated user, with the ability to send or manipulate input packets, to...
CVE-2026-25139
RIOT OS (IoT embedded OS) versions 2025.10 and prior are affected by multiple out-of-bounds read vulnerabilities in the 6LoWPAN stack. The received packet is cast into a sixlowpan_sfr_rfrag_t struct and dereferenced without validating that the packet is large enough to contain the struct, allowin...
PT-2026-6269
Name of the Vulnerable Software and Affected Versions: RIOT versions 2025.10 and prior
Description: The RIOT operating system, designed for IoT and embedded devices, contains an issue where out-of-bounds read operations can occur. An unauthenticated user capable of sending or manipulating input...
The vulnerability of the rbuf_add function in the 6LoWPAN packet processing network stack of the RIOT operating system allows a hacker to execute arbitrary code.
The vulnerability of the rbuf_add function in the 6LoWPAN packet processing stack of the RIOT operating system’s kernel relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...