
CVE-2026-30363

Severity: High

Published: 01 May 2026
Modified: 05 May 2026
KEV Added: not listed
Patch: (none listed)
CVSS v3.1 score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0014 (3.6th percentile)
Risk priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-30363 is a high-severity stack-based buffer overflow (CWE-121) vulnerability. Its CVSS base score is 8.4 (High).

Operationally, its EPSS score places it at the 3.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-30363 is a stack overflow vulnerability in the "Main" function of the Flipper Zero firmware, specifically at commit ad2a80. This affects users running that version of the open-source firmware for the Flipper Zero multi-tool device. The vulnerability is rated with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-121 (Stack-based Buffer Overflow).

A local attacker can exploit this vulnerability with low complexity and no privileges or user interaction required. Successful exploitation could result in high-impact consequences, including unauthorized disclosure of sensitive information, modification of data or code, and denial of service through system crashes or corruption.

Advisories are documented in Flipper Zero firmware GitHub issue #4332 and a related gist at https://gist.github.com/k6dpvrmm8z-glitch/7db9fb648a18ffcd8600bea436486884.


Vulnerability details

flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function.


MITRE ATT&CK Enterprise Techniques

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-70083 (shared CWE-121)
CVE-2026-38422 (shared CWE-121)
CVE-2025-54485 (shared CWE-121)
CVE-2025-11783 (shared CWE-121)
CVE-2025-29149 (shared CWE-121)
CVE-2025-15273 (shared CWE-121)
CVE-2025-54491 (shared CWE-121)
CVE-2025-70656 (shared CWE-121)
CVE-2025-70304 (shared CWE-121)
CVE-2025-71023 (shared CWE-121)

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-2, Flaw Remediation): Directly remediates the stack overflow in the Flipper Zero firmware Main function by applying the patches from the referenced GitHub issue and the subsequent commits.

Prevent (SI-16, Memory Protection): Implements memory protections such as stack canaries, address space layout randomization, and non-executable stacks to block exploitation of the stack-based buffer overflow.

Prevent (input validation): Validates inputs processed by the Main function so that malformed data cannot trigger the stack overflow.
