MEDIUM 4.6

CVE-2026-46532: ESP-IDF BlueDroid AVRCP Out-of-Bounds Read Memory Leak

A memory reading vulnerability exists in Espressif's ESP-IDF Bluetooth stack, specifically in the AVRCP (Audio/Video Remote Control Profile) vendor command parser. An authenticated attacker with local Bluetooth access could read adjacent memory contents by crafting malformed vendor commands. This could leak sensitive information from the device's memory. The vulnerability affects ESP-IDF versions 5.2.6 through 6.0 across multiple release branches.

Source data · NVD / CISA · public domain

CVSS
3.1 · 4.6 MEDIUM · CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Weaknesses (CWE)
CWE-125
Affected products
5 configuration(s)
Published / Modified
2026-06-10 / 2026-06-17

NVD description (verbatim)

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser (avrc_pars_vendor_cmd() in components/bt/host/bluedroid/stack/avrc/avrc_pars_tg.c). This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.4, and 6.0.1.

7 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-46532 is an out-of-bounds read (CWE-125) in the avrc_pars_vendor_cmd() function within the BlueDroid AVRCP implementation. The parser fails to properly validate vendor command payload boundaries before reading data, allowing an authenticated Bluetooth peer to trigger memory reads beyond allocated buffer limits. The vulnerability is present in ESP-IDF versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0. Patched versions are 5.2.7, 5.3.6, 5.4.5, 5.5.4, and 6.0.1. The CVSS 3.1 score of 4.6 reflects the combination of adjacent-network attack surface, requirement for prior Bluetooth authentication, and dual impact of confidentiality and availability loss.

Business impact

Organizations deploying ESP-IDF-based IoT devices with Bluetooth connectivity in multi-tenant or untrusted environments face information disclosure risk. An authenticated Bluetooth user could potentially extract cryptographic keys, configuration data, or other sensitive memory contents. While the attack requires prior pairing or connection context, widespread IoT deployments may increase exposure across supply chains. Remediation requires firmware updates and potential re-provisioning of affected devices already in the field.

Affected systems

ESP-IDF versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0 are vulnerable. Any embedded system or IoT device built on these ESP-IDF branches with Bluetooth AVRCP support enabled is in scope. This includes Espressif ESP32, ESP32-S3, and other SoC variants using the affected framework versions. Check your device firmware version and ESP-IDF build lineage to determine exposure.

Exploitability

Exploitation requires local Bluetooth proximity and prior authentication context (either bonded pairing or active connection). The attacker must send specially crafted AVRCP vendor commands to the target device. No network access is needed, and the attack does not require elevated privileges on the attacked device itself. However, the requirement for Bluetooth authentication and proximity limits opportunistic exploitation compared to network-facing vulnerabilities. No public exploit code is known to exist, and the vulnerability is not tracked in CISA's Known Exploited Vulnerabilities catalog.

Remediation

Update ESP-IDF to patched versions: 5.2.7 or later (5.2 branch), 5.3.6 or later (5.3 branch), 5.4.5 or later (5.4 branch), 5.5.4 or later (5.5 branch), or 6.0.1 or later (6.0 branch). Recompile and reflash affected devices. Organizations should also evaluate Bluetooth access controls to restrict AVRCP sessions to trusted peers only, using device pairing management and Bluetooth security policies.

Patch guidance

Apply updates in priority order based on your release-branch deployment: verify your current ESP-IDF version against the vulnerable list, then upgrade to the corresponding patched version. Test the updated firmware in a staging environment to confirm Bluetooth functionality and AVRCP compatibility before production rollout. Espressif's official release notes will document any API or behavior changes in the patched versions. Plan for device re-flashing in the field if devices cannot self-update.

Detection guidance

Monitor Bluetooth connection logs for repeated or unusual AVRCP vendor command sequences from external peers. Firmware analysis tools can verify ESP-IDF version numbers in compiled binaries. Memory sanitizers and bounds-checking instrumentation during firmware testing will catch buffer overread patterns. Network-based detection is limited due to the local-only nature of Bluetooth, but device telemetry or log aggregation from affected systems may reveal exploitation attempts as Bluetooth connection anomalies or stack errors.

Why prioritize this

Prioritize this vulnerability for managed device fleets with Bluetooth AVRCP functionality, especially in multi-user or guest-access scenarios. Organizations with devices embedded in public IoT ecosystems (smart speakers, wearables, automotive systems) should treat this as elevated priority due to attack surface exposure. Enterprises with tightly controlled, single-owner IoT deployments in isolated networks may defer patching pending resource planning, but should not ignore it indefinitely.

Risk score, explained

The CVSS 3.1 score of 4.6 (MEDIUM) reflects: adjacent-network attack vector (Bluetooth local only, not Internet-facing), low complexity of exploitation (vendor command parsing), requirement for Bluetooth-level authentication (prior connection/pairing), and limited impact scope (local information leak without lateral movement or device takeover). The score would be significantly higher if remote exploitation were possible or if the vulnerability enabled arbitrary code execution; conversely, it would be lower if authentication were not required.

Frequently asked questions

Do I need to patch devices if Bluetooth AVRCP is disabled?

No. If your device firmware disables AVRCP or does not expose AVRCP vendor command handling, the vulnerable code path is not active. However, verify this explicitly in your build configuration and ESP-IDF component settings. If you are unsure, treat the device as vulnerable and plan for patching.

Can this vulnerability be exploited over WiFi or the Internet?

No. The vulnerability is limited to Bluetooth local-range communication. An attacker must be within Bluetooth proximity (typically 10–100 meters, depending on class) and must have established a Bluetooth connection or pairing with the target device. This is not a network-based vulnerability.

What information could be leaked?

The out-of-bounds read allows the attacker to access adjacent memory contents. In typical firmware scenarios, this could include cryptographic keys, session tokens, configuration data, or other sensitive state stored near the AVRCP command buffer. The exact nature depends on the device's memory layout and what other data is resident in adjacent regions.

Is there a workaround if I cannot patch immediately?

Mitigations include restricting Bluetooth pairing to trusted devices only, disabling AVRCP if not required, and isolating affected devices on dedicated network segments if possible. However, these are not substitutes for patching. Plan for firmware updates within your standard patch cycle; do not rely indefinitely on workarounds.

This analysis is for informational purposes and based on publicly available CVE and vendor data. No exploit code or weaponized proof-of-concept is provided. Organizations must verify patch availability and compatibility with their specific device deployments before applying updates. Consult Espressif's official advisory and release notes for authoritative guidance. SEC.co does not warrant the completeness or accuracy of vendor vulnerability data and recommends independent verification against official vendor sources. Test all firmware updates in controlled environments before production deployment. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).