π¨ CVE-2026-15498
A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipulation of the argument Login leads to sql injection. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipulation of the argument Login leads to sql injection. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
Vulnerability Database
CVE-2026-15498 in SmartHomeAdatum
A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This vulnerability is traded as CVE-2026-15498.
π¨ CVE-2026-15499
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/cron_tools.py of the component Scheduled Task Handler. Performing a manipulation of the argument payload["note"] results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/cron_tools.py of the component Scheduled Task Handler. Performing a manipulation of the argument payload["note"] results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
Gist
AstrBot: Improper ownership checks in `future_task` allow same-session users to modify other usersβ scheduled tasks and retainβ¦
AstrBot: Improper ownership checks in `future_task` allow same-session users to modify other usersβ scheduled tasks and retain victim-derived cron privileges - AstrBot-Improper-ownership-checks-in-...
π¨ CVE-2026-15500
A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function get_online_plugins of the file astrbot/dashboard/routes/plugin.py of the component market_list Endpoint. Executing a manipulation of the argument custom_registry can lead to server-side request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function get_online_plugins of the file astrbot/dashboard/routes/plugin.py of the component market_list Endpoint. Executing a manipulation of the argument custom_registry can lead to server-side request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
Gist
AstrBot: Authenticated SSRF in AstrBot plugin market custom registry handling
AstrBot: Authenticated SSRF in AstrBot plugin market custom registry handling - AstrBot-Authenticated-SSRF-in-AstrBot-plugin-market-custom-registry-handling.md
π¨ CVE-2026-56238
Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST global_stats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics using only the public apikey. Remote attackers can query the /rest/v1/global_stats endpoint to expose MRR, total revenue, plan-tier revenue breakdown, customer counts, and operational telemetry.
π@cveNotify
Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST global_stats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics using only the public apikey. Remote attackers can query the /rest/v1/global_stats endpoint to expose MRR, total revenue, plan-tier revenue breakdown, customer counts, and operational telemetry.
π@cveNotify
GitHub
Unauthenticated Supabase PostgREST exposes global_stats (MRR/total_revenue + plan mix + usage telemetry)
### Summary
Unauthenticated clients can read public.global_stats via Supabase PostgREST using only the public sb_publishable_* key (no user/session token required). The endpoint returns Capgo-wide...
Unauthenticated clients can read public.global_stats via Supabase PostgREST using only the public sb_publishable_* key (no user/session token required). The endpoint returns Capgo-wide...
π¨ CVE-2026-56241
Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super_admin users retain access to delete_non_compliant_bundles and count_non_compliant_bundles RPCs due to stale org_users.user_right column not being cleared during role binding deletion. Attackers can exploit this by maintaining a previously granted super_admin role to enumerate and bulk delete non-compliant bundles across the entire organization indefinitely.
π@cveNotify
Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super_admin users retain access to delete_non_compliant_bundles and count_non_compliant_bundles RPCs due to stale org_users.user_right column not being cleared during role binding deletion. Attackers can exploit this by maintaining a previously granted super_admin role to enumerate and bulk delete non-compliant bundles across the entire organization indefinitely.
π@cveNotify
GitHub
RBAC demotion does not clear org_users.user_right - demoted super_admin retains access to delete_non_compliant_bundles and couβ¦
### Summary
On RBAC-enabled organizations (use_new_rbac = true), deleting a user's role binding via DELETE /functions/v1/private/role_bindings/:binding_id only removes the role_bindings row....
On RBAC-enabled organizations (use_new_rbac = true), deleting a user's role binding via DELETE /functions/v1/private/role_bindings/:binding_id only removes the role_bindings row....
π¨ CVE-2026-56252
Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped credentials can trigger signed outbound webhook deliveries for arbitrary organization webhooks outside their declared app boundary, bypassing the limited_to_apps authorization check.
π@cveNotify
Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped credentials can trigger signed outbound webhook deliveries for arbitrary organization webhooks outside their declared app boundary, bypassing the limited_to_apps authorization check.
π@cveNotify
GitHub
App-scoped API keys can invoke org-scoped webhook test deliveries outside their app scope
### Summary
An API key limited to a single app (`limited_to_apps=[...]`) can still call the org-scoped `POST /webhooks/test` endpoint for any webhook in the same organization.
The root cause ...
An API key limited to a single app (`limited_to_apps=[...]`) can still call the org-scoped `POST /webhooks/test` endpoint for any webhook in the same organization.
The root cause ...
π¨ CVE-2026-56259
Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by supplying a malicious base_url parameter and setting api_token to env:VARIABLE_NAME to exfiltrate provider API keys and server secrets including JWT SECRET_KEY for authentication bypass.
π@cveNotify
Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by supplying a malicious base_url parameter and setting api_token to env:VARIABLE_NAME to exfiltrate provider API keys and server secrets including JWT SECRET_KEY for authentication bypass.
π@cveNotify
GitHub
LLM credential exfiltration in Docker server via request base_url and env: token resolution
### Summary
The Docker API server let a request control where LLM calls were sent and which environment variable an LLM token resolved from. Both could be abused to exfiltrate server-held secrets....
The Docker API server let a request control where LLM calls were sent and which environment variable an LLM token resolved from. Both could be abused to exfiltrate server-held secrets....
π¨ CVE-2026-56260
Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The output_path parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location writable by the application's user, overwriting server files and causing denial of service.
π@cveNotify
Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The output_path parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location writable by the application's user, overwriting server files and causing denial of service.
π@cveNotify
GitHub
GitHub - unclecode/crawl4ai: ππ€ Crawl4AI: Open-source LLM Friendly Web Crawler & Scraper. Don't be shy, join here: https://disβ¦
ππ€ Crawl4AI: Open-source LLM Friendly Web Crawler & Scraper. Don't be shy, join here: https://discord.gg/jP8KfhDhyN - unclecode/crawl4ai
π¨ CVE-2026-56271
Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT secrets ('auth_token', 'refresh_token') and default audience and issuer values ('AUDIENCE', 'ISSUER') in the enterprise passport authentication middleware (packages/server/src/enterprise/middleware/passport/index.ts). When the corresponding environment variables (JWT_AUTH_TOKEN_SECRET, JWT_REFRESH_TOKEN_SECRET, JWT_AUDIENCE, JWT_ISSUER) are not set, the application silently falls back to these publicly known defaults, allowing an attacker to forge valid JWTs and impersonate any user, including administrators, resulting in authentication bypass.
π@cveNotify
Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT secrets ('auth_token', 'refresh_token') and default audience and issuer values ('AUDIENCE', 'ISSUER') in the enterprise passport authentication middleware (packages/server/src/enterprise/middleware/passport/index.ts). When the corresponding environment variables (JWT_AUTH_TOKEN_SECRET, JWT_REFRESH_TOKEN_SECRET, JWT_AUDIENCE, JWT_ISSUER) are not set, the application silently falls back to these publicly known defaults, allowing an attacker to forge valid JWTs and impersonate any user, including administrators, resulting in authentication bypass.
π@cveNotify
GitHub
Weak Default JWT Secrets
**Detection Method:** Kolega.dev Deep Code Scan
| Attribute | Value |
|---|---|
| Severity | Critical |
| CWE | CWE-327 (Use of a Broken or Risky Cryptographic Algorithm), CWE-321 (Use of Har...
| Attribute | Value |
|---|---|
| Severity | Critical |
| CWE | CWE-327 (Use of a Broken or Risky Cryptographic Algorithm), CWE-321 (Use of Har...
π¨ CVE-2026-56281
Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/admin_stats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform admin credentials can inject SQL fragments to enumerate dataset schemas, extract analytics data, or cause denial-of-service against the analytics backend.
π@cveNotify
Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/admin_stats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform admin credentials can inject SQL fragments to enumerate dataset schemas, extract analytics data, or cause denial-of-service against the analytics backend.
π@cveNotify
GitHub
SQL Injection via Unvalidated `limit` Parameter in Admin Stats Endpoint (Cloudflare Analytics Engine)
## Summary
The `POST /private/admin_stats` endpoint destructures `limit` from the raw, unvalidated request body and interpolates it directly into Cloudflare Analytics Engine SQL queries via Java...
The `POST /private/admin_stats` endpoint destructures `limit` from the raw, unvalidated request body and interpolates it directly into Cloudflare Analytics Engine SQL queries via Java...
π¨ CVE-2026-56308
Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and bypass multi-factor authentication protections.
π@cveNotify
Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and bypass multi-factor authentication protections.
π@cveNotify
GitHub
Bug Report: No Password Verification During Email Change β Email Changed Without Confirming Current Password
Bug Report: No Password Verification During Email Change β Email Changed Without Confirming Current Password
Reported by: Testing Pene
Severity: High
Category: Authentication / Account Recover...
Reported by: Testing Pene
Severity: High
Category: Authentication / Account Recover...
π¨ CVE-2026-56313
Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.update_settings permission and an active SSO provider can call the prelink-users endpoint to permanently remove email-based authentication for any user matching the provider's email domain, forcing victims to use the attacker's SSO provider or complete password reset recovery.
π@cveNotify
Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.update_settings permission and an active SSO provider can call the prelink-users endpoint to permanently remove email-based authentication for any user matching the provider's email domain, forcing victims to use the attacker's SSO provider or complete password reset recovery.
π@cveNotify
GitHub
SSO Prelink Cross-Org Account Disruption - Enterprise Admin Can Delete Password Identity of Users in Foreign Orgs
### Summary
The SSO prelink endpoint allows an Enterprise org admin to permanently delete the email/password identity of ALL Capgo users sharing a given email domain including users who belong to ...
The SSO prelink endpoint allows an Enterprise org admin to permanently delete the email/password identity of ALL Capgo users sharing a given email domain including users who belong to ...
π¨ CVE-2026-56336
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal org_id and provider_id values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers, enabling reconnaissance against Capgo tenants.
π@cveNotify
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal org_id and provider_id values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers, enabling reconnaissance against Capgo tenants.
π@cveNotify
GitHub
Unauthenticated SSO check-domain Endpoint Exposes Internal org_id and provider_id
## Summary
The `/private/sso/check-domain` endpoint returns internal `org_id` and `provider_id` values in its JSON response to unauthenticated callers. These fields are not consumed by any front...
The `/private/sso/check-domain` endpoint returns internal `org_id` and `provider_id` values in its JSON response to unauthenticated callers. These fields are not consumed by any front...
π¨ CVE-2026-59260
OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process, triggering command execution when SMB protocol messages are processed.
π@cveNotify
OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process, triggering command execution when SMB protocol messages are processed.
π@cveNotify
GitHub
luci-app-samba4 read ACL allows authenticated root command execution via smbd file.exec
### Summary
I am reporting this through openwrt/openwrt for coordination. The affected source is in openwrt/luci:
applications/luci-app-samba4/root/usr/share/rpcd/acl.d/luci-app-samba4.js...
I am reporting this through openwrt/openwrt for coordination. The affected source is in openwrt/luci:
applications/luci-app-samba4/root/usr/share/rpcd/acl.d/luci-app-samba4.js...
π¨ CVE-2026-61874
filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path, then recreate the same directory to expose new contents through the dormant public share URL.
π@cveNotify
filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path, then recreate the same directory to expose new contents through the dormant public share URL.
π@cveNotify
GitHub
chore(release): 2.63.15 Β· filebrowser/filebrowser@be23ab3
π Web File Browser. Contribute to filebrowser/filebrowser development by creating an account on GitHub.
π¨ CVE-2026-61875
luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders without output encoding, executing the payload when administrators view the UPnP or Status pages.
π@cveNotify
luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders without output encoding, executing the payload when administrators view the UPnP or Status pages.
π@cveNotify
GitHub
luci-app-upnp: Stored XSS in luci-app-upnp, unauthenticated LAN client can inject JavaScript via UPnP port mapping description
## Summary
An unauthenticated LAN client can send a UPnP IGD `AddPortMapping` SOAP request with HTML in `NewPortMappingDescription`. `miniupnpd` stores the description in its lease file, `luci.u...
An unauthenticated LAN client can send a UPnP IGD `AddPortMapping` SOAP request with HTML in `NewPortMappingDescription`. `miniupnpd` stores the description in its lease file, `luci.u...
π¨ CVE-2026-61876
LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages.
π@cveNotify
LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages.
π@cveNotify
GitHub
luci-mod-network: luci-mod-status: DHCPv6 lease hostname stored XSS in LuCI status tables
### Summary
An unauthenticated adjacent-network client can send a DHCPv6 Client FQDN containing HTML markup. `odhcpd` preserves the value, `luci-rpc.getDHCPLeases` returns it, and LuCI renders the...
An unauthenticated adjacent-network client can send a DHCPv6 Client FQDN containing HTML markup. `odhcpd` preserves the value, `luci-rpc.getDHCPLeases` returns it, and LuCI renders the...
π¨ CVE-2026-15501
A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.test_mcp_connection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The manipulation of the argument mcp_server_config.url leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.test_mcp_connection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The manipulation of the argument mcp_server_config.url leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
Gist
AstrBot: Authenticated SSRF in Dashboard MCP connection test via `mcp_server_config.url`
AstrBot: Authenticated SSRF in Dashboard MCP connection test via `mcp_server_config.url` - AstrBot-Authenticated-SSRF-in-Dashboard-MCP-connection-test-via-mcp_server_config.url.md
π¨ CVE-2026-15502
A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function _rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument item_number results in sql injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function _rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument item_number results in sql injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
Vulnerability Database
CVE-2026-15502 in Antaris
A vulnerability was detected in AojiaoZero Antaris 1.0. This vulnerability was named CVE-2026-15502.
π¨ CVE-2026-58596
Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.
π@cveNotify
Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.
π@cveNotify
π¨ CVE-2026-10663
In Zephyr's experimental USB host stack (CONFIG_USB_HOST_STACK), usbh_device_disconnect() (subsys/usb/host/usbh_device.c) freed the root usb_device slab object without clearing the cached pointer ctx->root. The bus removal handler dev_removed_handler() (subsys/usb/host/usbh_core.c) decides what to tear down solely from ctx->root, checking only that it is non-NULL.
Because UHC controller drivers (e.g. uhc_max3421e, uhc_mcux_common) synthesize UHC_EVT_DEV_REMOVED directly from physical bus line state with no debounce or state guard, an attacker with physical USB access (or a rogue device that bounces its connection) can deliver a second device-removed event after a root device disconnect. The handler then re-enters usbh_device_disconnect() with the dangling pointer, locking a mutex inside the freed object (use-after-free), removing the freed node from the device list, and calling k_mem_slab_free() on the already-freed block (double-free). If the slab block has been reissued to a newly attached device in between, this corrupts a live object.
Impact is denial of service (crash) and memory corruption; the attack vector is physical/local. The flaw was introduced in v4.4.0 by the connect/disconnect refactor and is fixed by clearing ctx->root in usbh_device_disconnect() before freeing.
π@cveNotify
In Zephyr's experimental USB host stack (CONFIG_USB_HOST_STACK), usbh_device_disconnect() (subsys/usb/host/usbh_device.c) freed the root usb_device slab object without clearing the cached pointer ctx->root. The bus removal handler dev_removed_handler() (subsys/usb/host/usbh_core.c) decides what to tear down solely from ctx->root, checking only that it is non-NULL.
Because UHC controller drivers (e.g. uhc_max3421e, uhc_mcux_common) synthesize UHC_EVT_DEV_REMOVED directly from physical bus line state with no debounce or state guard, an attacker with physical USB access (or a rogue device that bounces its connection) can deliver a second device-removed event after a root device disconnect. The handler then re-enters usbh_device_disconnect() with the dangling pointer, locking a mutex inside the freed object (use-after-free), removing the freed node from the device list, and calling k_mem_slab_free() on the already-freed block (double-free). If the slab block has been reissued to a newly attached device in between, this corrupts a live object.
Impact is denial of service (crash) and memory corruption; the attack vector is physical/local. The flaw was introduced in v4.4.0 by the connect/disconnect refactor and is fixed by clearing ctx->root in usbh_device_disconnect() before freeing.
π@cveNotify
GitHub
usb: host: fix root device lifecycle management Β· zephyrproject-rtos/zephyr@4b87a8f
Move ctx->root assignment and clearing from event handlers
into usbh_device_connect() and usbh_device_disconnect().
This avoid dangling pointer issue.
Signed-off-by: Aiden Hu <weiwei...
into usbh_device_connect() and usbh_device_disconnect().
This avoid dangling pointer issue.
Signed-off-by: Aiden Hu <weiwei...