{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-26399", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-20T17:04:17.309Z", "dateReserved": "2026-02-16T00:00:00.000Z", "datePublished": "2026-04-20T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-20T17:04:17.309Z"}, "descriptions": [{"lang": "en", "value": "A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the function returns, interrupt service routines may dereference this dangling pointer, resulting in memory corruption."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/stm32duino/Arduino_Core_STM32/releases/tag/1.6.1"}, {"url": "https://github.com/Acen28/CVE-2026-26399-Disclosure"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the function returns, interrupt service routines may dereference this dangling pointer, resulting in memory corruption."}], "id": "CVE-2026-26399", "lastModified": "2026-04-20T19:05:30.750", "metrics": {}, "published": "2026-04-20T18:16:25.040", "references": [{"source": "cve@mitre.org", "url": "https://github.com/Acen28/CVE-2026-26399-Disclosure"}, {"source": "cve@mitre.org", "url": "https://github.com/stm32duino/Arduino_Core_STM32/releases/tag/1.6.1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T18:42:20.519883+00:00", "value": {"mitigation_remediation": ["Upgrade the Arduino_Core_STM32 library to version 1.7.0 or later.", "If an upgrade is not immediately possible, avoid using the pwm_start() function until the library is patched.", "Verify interrupt service routines do not dereference global timer handles that may be uninitialized or reused, and replace any vulnerable calls with safer alternatives."], "summary": {"action": "Apply Patch", "impact": "Potential memory corruption leading to arbitrary code execution"}, "threat_synthesis": {"affected_systems": "Systems running the Arduino_Core_STM32 library versions earlier than 1.7.0 are affected. This includes any STM32-based projects that use the PWM timing functions provided by the library.", "description_and_impact": "The vulnerability arises from a stack-use-after-return in the Arduino_Core_STM32 library, where pwm_start() allocates a TIM_HandleTypeDef on the stack and passes its address to HAL routines. After pwm_start() returns, the pointer remains registered globally and can be dereferenced by interrupt service routines, leading to memory corruption. This flaw can allow an attacker to overwrite memory locations and potentially execute arbitrary code, undermining the confidentiality and integrity of the system.", "risk_and_exploitability": "The EPSS score is not available and the vulnerability is not listed in CISA KEV, suggesting a low to moderate known exploitation probability. The lack of a publicly disclosed CVSS score prevents a precise severity assessment, but the nature of the flaw\u2014dereferencing a dangling pointer in interrupt context\u2014makes it likely to be exploitable with sufficient access to the device. The attack vector is inferred to be exploitation of the MCU\u2019s interrupt handling mechanism, possibly through user-controlled input that triggers PWM usage."}}}}, "created": "2026-04-20T18:45:14.230792+00:00", "title": "Stack Use-After-Return in Arduino STM32 Core Library Causing Memory Corruption", "updated": "2026-04-20T18:45:14.230802+00:00", "vendors": [], "weaknesses": ["CWE-416"]}