Every CVE whose affected-product data names Tuya Arduino-tuyaopen, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2026-28519 — CVSS 8.8 (high): arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the…
CVE-2026-28520 — CVSS 8.4 (high): arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's…
CVE-2026-28521 — CVSS 7.7 (high): arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An attacker who hijacks…
CVE-2026-28522 — CVSS 6.5 (medium): arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same…