What is the severity of CVE-2026-22214?

CVE-2026-22214 has a CVSS v3 score of 9.8, which is classified as Critical severity.

Is there an exploit available for CVE-2026-22214?

No known public exploits are currently available for CVE-2026-22214.

Is there a patch available for CVE-2026-22214?

No official patches have been released yet for CVE-2026-22214. Consider implementing workarounds or mitigations.

CVE-2026-22214 - CVE Details, Severity, and Analysis

CVE-2026-22214 - CVE Details, Severity, and Analysis | Strobes VI

Severity Scores

CVSS v39.8

CVSS v20.0

Priority Score596.0

EPSS Score0.0

Critical

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

9.8

CVSS

Exploit

Patch

High Priority

no patch • critical severity

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the _handle_char() function, where incoming frame bytes are appended to a fixed-size stack buffer without verifying that the current write index remains within bounds. An attacker capable of sending crafted serial or TCP-framed input can cause the current write index to exceed the buffer size, resulting in a write past the end of the stack buffer. This condition leads to memory corruption and application crash.

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:Local

Privileges Required:Network

User Interaction:Network

Scope:Unchanged

Confidentiality:High

Integrity:High

Availability:High

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Riot Os	Riot