CVE-2026-44634: Stack buffer overflows in SimpleBLE
SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE: a stack overflow in the dongl backend's Protocol::simpleble_write function (local, caller-controlled input); a stack overflow when processing manufacturer-specific data in BLE advertisements (remote, no pairing or connection required); and a stack overflow when processing service data in BLE advertisements (remote, no pairing or connection required). This issue has been patched in version 0.14.0.
Metrics
- CVSS v4.0: 8.7
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
Stack-based buffer overflow vulnerabilities affect SimpleBLE, a cross-platform Bluetooth Low Energy library, in versions prior to 0.14.0. Two of the three overflow paths are reachable remotely (no pairing or connection required) by sending malformed BLE advertisement data, while the third requires local caller-controlled input; no authentication is needed for the remote paths. Successful exploitation crashes the affected service, causing a denial of service. HarborGuard tracks this advisory and will make a patched-image rebuild available the moment an upstream fix version is published.
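As an added illustration (not SimpleBLE's code, which this advisory does not show), the C example below contrasts the unsafe pattern the advisory describes in general terms, copying a length-prefixed BLE advertisement field into a fixed stack buffer trusting only the packet's length byte, with a bounds-checked walker over the advertisement's AD structures. ADV_FIELD_MAX, the function names and the sample packets are constructed assumptions for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define ADV_FIELD_MAX 31   /* legacy advertising payload size; an assumption for this example */
#define AD_TYPE_MFG_DATA 0xFF
/* Unsafe shape the advisory describes in general terms: a fixed stack buffer filled using
 * only the length byte carried in the packet. Shown for contrast; never called here. */
void copy_field_unchecked(const uint8_t *payload, uint8_t len)
{
    uint8_t buf[ADV_FIELD_MAX];
    memcpy(buf, payload, len); /* len > 31 writes past buf on the stack */
}
/* Hardened form: walk the AD structures, checking each length against the bytes that
 * remain and against the destination capacity. Returns bytes copied, 0 if absent, -1 on error. */
int extract_ad_field(const uint8_t *adv, size_t adv_len, uint8_t wanted_type,
                     uint8_t *dst, size_t dst_cap)
{
    size_t pos = 0;
    while (pos < adv_len) {
        uint8_t len = adv[pos];                           /* counts the type byte plus payload */
        if (len == 0) break;                              /* zero length: trailing padding, stop */
        if ((size_t)len > adv_len - pos - 1) return -1;   /* claims more bytes than remain */
        uint8_t type = adv[pos + 1];
        size_t payload_len = (size_t)len - 1;
        if (type == wanted_type) {
            if (payload_len > dst_cap) return -1;         /* the check the unsafe copy lacks */
            memcpy(dst, &adv[pos + 2], payload_len);
            return (int)payload_len;
        }
        pos += 1 + len;
    }
    return 0;
}

/* Constructed samples: Flags AD (02 01 06) followed by a manufacturer-data AD (type FF). */
static const uint8_t SAMPLE_OK[] = {0x02,0x01,0x06, 0x05,0xFF,0x4C,0x00,0xAA,0xBB};
static const uint8_t SAMPLE_TRUNCATED[] = {0x02,0x01,0x06, 0x20,0xFF,0x01,0x02}; /* claims 32 bytes */
int demo_valid(void) {          /* expect 4: payload 4C 00 AA BB copied */
    uint8_t out[ADV_FIELD_MAX];
    int n = extract_ad_field(SAMPLE_OK, sizeof SAMPLE_OK, AD_TYPE_MFG_DATA, out, sizeof out);
    return (n == 4 && out[0] == 0x4C && out[3] == 0xBB) ? n : -2;
}
int demo_truncated(void) {      /* expect -1: length byte runs past the packet */
    uint8_t out[ADV_FIELD_MAX];
    return extract_ad_field(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, AD_TYPE_MFG_DATA, out, sizeof out);
}
int demo_too_big_for_dst(void) {/* expect -1: 4-byte field, 2-byte destination */
    uint8_t out[2];
    return extract_ad_field(SAMPLE_OK, sizeof SAMPLE_OK, AD_TYPE_MFG_DATA, out, sizeof out);
}
```

Fuzzing extract_ad_field with random length bytes is a cheap regression check for this bug class, since every malformed length must come back as -1 rather than a write past the buffer.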
HarborGuard Coverage
- Available: Detection for CVE-2026-44634 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that vendor SimpleBLE as a dependency. Coverage extends to both direct and transitive package inclusions in scanned container layers.
- Available: HarborGuard surfaces this CVE with its CVSS v4.0 score of 8.7 (HIGH) and applies per-environment compliance policy weighting to prioritize it appropriately within each customer org. Triage routing is capable of directing findings to the team or inbox configured for the affected service, based on image ownership metadata.
- Pending upstream: No fix version has been published upstream for CVE-2026-44634 at this time; HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment version 0.14.0 or a later fix is confirmed upstream. For customers who opt into auto-remediation, the rebuild, regression-test run, and PR against affected workloads will be triggered without manual intervention once the fix lands.
Exploit Conditions
- Network reachability: Required
  Two of the three vulnerable code paths are reachable remotely: an attacker can trigger the overflow by broadcasting malformed BLE advertisement packets with no prior pairing or connection to the target device.
- Authentication: Not required
  No authentication, pairing, or established BLE connection is required to reach the remote advertisement-processing paths.
- Victim interaction: Not required
  The remote attack paths are passive from the victim's perspective; no user action is needed because the vulnerable code processes incoming BLE advertisements automatically.
- Attack complexity: Low
  Attack complexity is low, meaning the exploit is reliable and requires no special race conditions, memory-layout knowledge, or environmental setup for the remote advertisement paths.
Blast Radius
- Crashes the process hosting the SimpleBLE library, taking down any application or service that depends on it for BLE communication.
- Sustained or repeated exploitation produces a persistent denial of service, preventing the affected host from scanning or connecting to BLE devices.
- A third overflow path (local, caller-controlled input) allows a process already running on the host to corrupt its own stack, potentially destabilizing co-resident services sharing the process boundary.
How HarborGuard Handles This
Available on HarborGuard: because no upstream fix version exists yet for CVE-2026-44634, HarborGuard continuously re-evaluates the advisory on every ingest cycle and will make a patched-image rebuild available automatically once version 0.14.0 or a later fix is confirmed published. In the interim, compensating controls are worth considering: network-policy isolation to restrict which workloads can receive arbitrary BLE advertisement data, egress and ingress filtering at the host or container level to limit exposure of the SimpleBLE service, and feature-flag gating to disable BLE scanning in environments where it is not operationally required. For customers who opt into auto-remediation, the full rebuild, regression-test run, and PR-opening flow will be triggered without manual steps the moment the upstream patch is available.
- simpleble / simpleble < 0.14.0
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N