CVE-2026-30363
Published: 01 May 2026
Summary
CVE-2026-30363 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability. Its CVSS base score is 8.4 (High).
Operationally, it sits at the 3.6th percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-30363 is a stack-based buffer overflow in the "Main" function of the Flipper Zero firmware (flipperzero-firmware), reported against commit ad2a80. It affects users running that revision of the open-source firmware for the Flipper Zero multi-tool device. The vulnerability carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is classified as CWE-121 (Stack-based Buffer Overflow).
The attack vector is local: the attacker must be able to feed input to the device, but needs no privileges and no user interaction, and the attack is low complexity. Successful exploitation can have high impact on confidentiality, integrity and availability: disclosure of data held on the device, modification of data or code, and denial of service through crashes or memory corruption. Note that the published description says only "stack overflow" in the "Main" function; the CWE-121 classification is what identifies it as an out-of-bounds write to a stack buffer rather than stack exhaustion.
References: Flipper Zero firmware GitHub issue #4332 and a related gist at https://gist.github.com/k6dpvrmm8z-glitch/7db9fb648a18ffcd8600bea436486884.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26705
Vulnerability details
flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function.
Related Threats
MITRE ATT&CK Enterprise Techniques: insufficient information to map techniques.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly remediates the stack overflow in the Flipper Zero firmware "Main" function by applying the fix referenced from GitHub issue #4332 and the subsequent commits, i.e. updating the firmware past commit ad2a80.
- SI-16 (Memory Protection): stack canaries and non-executable memory regions block or contain exploitation of the stack-based buffer overflow. Caveat: the Flipper Zero runs on a bare-metal Cortex-M microcontroller (STM32WB55) with no MMU, so ASLR in the desktop sense is not available; the applicable hardening is compiler stack protection (-fstack-protector-strong, with the firmware supplying __stack_chk_guard and __stack_chk_fail if its C library does not) and MPU-enforced execute-never on RAM.
- SI-10 (Information Input Validation): validates the length and content of inputs processed by the "Main" function so that malformed data cannot drive a write past the end of a fixed-size stack buffer.
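The following is an added, generic illustration of the CWE-121 pattern and the SI-10 fix described above. It is not the Flipper Zero firmware's code: the length-prefixed record format, the 32-byte limit and the function names are assumptions made for the example. The vulnerable parser trusts an attacker-controlled length byte when copying into a fixed-size stack buffer; the hardened parser bounds both the read from the record and the write into the buffer.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed record layout for this example: one length byte followed by
 * `len` bytes of name. NAME_MAX is the size of the stack buffer. */
#define NAME_MAX 32

/* Vulnerable (CWE-121): the length byte is trusted. A record claiming
 * 200 bytes writes 201 bytes into a 32-byte stack buffer, smashing the
 * saved return address and whatever else lives above `name`. */
int parse_name_vuln(const uint8_t *rec, size_t rec_len, char *out) {
    char name[NAME_MAX];
    if (rec == NULL || rec_len < 1) return -1;
    uint8_t len = rec[0];
    if ((size_t)len > rec_len - 1) return -1; /* guards the read only */
    memcpy(name, rec + 1, len);               /* unbounded stack write */
    name[len] = '\0';
    strcpy(out, name);
    return len;
}

/* Hardened: reject lengths that do not fit the stack buffer (with room
 * for the terminator) or exceed what the record actually carries, and
 * bound the copy into the caller's buffer as well. */
int parse_name_safe(const uint8_t *rec, size_t rec_len,
                    char *out, size_t out_len) {
    char name[NAME_MAX];
    if (rec == NULL || out == NULL || rec_len < 1) return -1;
    uint8_t len = rec[0];
    if (len >= NAME_MAX) return -1;           /* would overflow `name` */
    if ((size_t)len > rec_len - 1) return -1; /* record truncated */
    if (out_len < (size_t)len + 1) return -1; /* caller buffer too small */
    memcpy(name, rec + 1, len);
    name[len] = '\0';
    memcpy(out, name, (size_t)len + 1);
    return len;
}

/* Builds a constructed sample record: [len]['A' x len]. Returns the
 * number of bytes written, or 0 if `buf` is too small. */
size_t build_record(uint8_t len, uint8_t *buf, size_t buf_len) {
    if (buf_len < (size_t)len + 1) return 0;
    buf[0] = len;
    memset(buf + 1, 'A', len);
    return (size_t)len + 1;
}

int main(void) {
    uint8_t rec[300];
    char out[64];
    size_t n = build_record(10, rec, sizeof rec);
    printf("10-byte name, safe parser: %d\n",
           parse_name_safe(rec, n, out, sizeof out));
    n = build_record(200, rec, sizeof rec);
    /* Only the hardened parser is called with the oversized record;
     * parse_name_vuln would corrupt this function's stack frame. */
    printf("200-byte name, safe parser: %d (rejected)\n",
           parse_name_safe(rec, n, out, sizeof out));
    return 0;
}
```

Compiling the same code with -fstack-protector-strong turns the vulnerable path's silent corruption into a detected abort (via __stack_chk_fail), which is the SI-16 control; it does not make the parser correct, so the length check is still required.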