CVE-2026-28528 | BlueKitchen BTstack up to 1.8.0 AVRCP Browsing Target attr_id out-of-bounds

VDB-354193 · CVE-2026-28528 · EUVD-2026-17089 BLUEKITCHEN BTSTACK UP TO 1.8.0 AVRCP BROWSING TARGET ATTR_ID OUT-OF-BOUNDS HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 4.9 $0-$5k 2.35+ Summaryinfo A vulnerability was found in BlueKitchen BTstack up to 1.8.0. It has been rated as problematic. This issue affects some unknown processing of the component AVRCP Browsing Target Handler. This manipulation of the argument attr_id causes out-of-bounds. This vulnerability appears as CVE-2026-28528. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised. Detailsinfo A vulnerability was found in BlueKitchen BTstack up to 1.8.0. It has been declared as problematic. Affected by this vulnerability is an unknown function of the component AVRCP Browsing Target Handler. The manipulation of the argument attr_id with an unknown input leads to a out-of-bounds vulnerability. The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is: BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds checking on the attr_id parameter to cause crashes and corrupt attribute bitmap state. The weakness was presented by Kazuma Matsumoto. The advisory is shared at github.com. This vulnerability is known as CVE-2026-28528 since 02/27/2026. The exploitation appears to be easy. The attack needs to approached within the local network. The exploitation doesn't need any form of authentication. It demands that the victim is doing some kind of user interaction. Technical details are known, but no exploit is available. Upgrading to version 1.8.1 eliminates this vulnerability. The upgrade is hosted for download at github.com. The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2026-17089). Productinfo Vendor BlueKitchen Name BTstack Version 1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8.0 Website Product: https://github.com/bluekitchen/btstack/ CPE 2.3info 🔒 🔒 🔒 CPE 2.2info 🔒 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CNA CVSS-B Score: 🔒 CNA CVSS-BT Score: 🔒 CNA Vector: 🔒 CVSSv3info VulDB Meta Base Score: 5.1 VulDB Meta Temp Score: 4.9 VulDB Base Score: 5.5 VulDB Temp Score: 5.3 VulDB Vector: 🔒 VulDB Reliability: 🔍 CNA Base Score: 4.6 CNA Vector (VulnCheck): 🔒 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Out-of-bounds CWE: CWE-125 / CWE-119 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Partially Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: BTstack 1.8.1 Timelineinfo 02/27/2026 CVE reserved 03/30/2026 +30 days Advisory disclosed 03/30/2026 +0 days VulDB entry created 03/30/2026 +0 days VulDB entry last update Sourcesinfo Product: github.com Advisory: github.com Researcher: Kazuma Matsumoto Status: Confirmed CVE: CVE-2026-28528 (🔒) GCVE (CVE): GCVE-0-2026-28528 GCVE (VulDB): GCVE-100-354193 EUVD: 🔒 Entryinfo Created: 03/30/2026 16:40 Updated: 03/30/2026 18:37 Changes: 03/30/2026 16:40 (79), 03/30/2026 18:37 (1) Complete: 🔍 Cache ID: 99:A55:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸