Alps Alpine Bluetooth Stack Buffer Overflow Vulnerability in Nissan Leaf Infotainment ECU Allowing Remote Code Execution
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Bluetooth stack of the Infotainment Electronic Control Unit (ECU) in the 2020 Nissan Leaf ZE1. It arises from improper boundary validation of user-supplied data: an attacker can trigger it by sending a specific packet over an established L2CAP channel. Exploitation could lead to remote code execution on the affected Infotainment ECU with root privileges.
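The advisory does not publish the affected routine, so the following is an added example, not Alps Alpine or Nissan code: a hypothetical handler showing the two bounds checks whose absence produces this class of stack overflow when an L2CAP basic frame is copied into a fixed buffer. The function name, the 64-byte buffer size and the sample frames are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define L2CAP_HDR_LEN 4   /* basic frame: 2-byte payload length, 2-byte channel ID (little-endian) */
#define LOCAL_BUF_LEN 64  /* assumed size of the handler's stack buffer */

enum { ERR_TRUNCATED = -1, ERR_LEN_MISMATCH = -2, ERR_TOO_LARGE = -3 };

/* Hypothetical handler: copies one frame's payload into a fixed stack buffer.
 * Returns the number of payload bytes accepted, or a negative ERR_* code. */
int handle_l2cap_frame(const uint8_t *frame, size_t frame_len, uint16_t *cid_out)
{
    uint8_t local[LOCAL_BUF_LEN];

    if (frame == NULL || frame_len < L2CAP_HDR_LEN)
        return ERR_TRUNCATED;

    size_t claimed = (size_t)frame[0] | ((size_t)frame[1] << 8);
    uint16_t cid = (uint16_t)(frame[2] | (frame[3] << 8));

    /* The length field is sender-controlled: it must match what was received. */
    if (claimed != frame_len - L2CAP_HDR_LEN)
        return ERR_LEN_MISMATCH;
    /* It must also fit the destination. Without this check the memcpy below
     * would write past the end of local[] on the stack. */
    if (claimed > sizeof(local))
        return ERR_TOO_LARGE;

    memcpy(local, frame + L2CAP_HDR_LEN, claimed);
    /* ... protocol-specific processing of local[] would go here ... */
    if (cid_out != NULL)
        *cid_out = cid;
    return (int)claimed;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t FRAME_OK[]  = { 3, 0, 0x40, 0x00, 0xAA, 0xBB, 0xCC };
static const uint8_t FRAME_LIE[] = { 200, 0, 0x40, 0x00, 1, 2, 3 };
static const uint8_t FRAME_BIG[L2CAP_HDR_LEN + 100] = { 100, 0, 0x40, 0x00 };

int main(void)
{
    printf("ok=%d lie=%d big=%d\n",
           handle_l2cap_frame(FRAME_OK, sizeof FRAME_OK, NULL),
           handle_l2cap_frame(FRAME_LIE, sizeof FRAME_LIE, NULL),
           handle_l2cap_frame(FRAME_BIG, sizeof FRAME_BIG, NULL));
    return 0;
}
```

Rejecting the frame outright, rather than truncating the copy, keeps a malformed length from reaching later parsing stages.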
Impact
Exploitation of this vulnerability allows for remote code execution on the Infotainment ECU with root privileges.
Reproduction
The vulnerability can be reproduced by pairing a device with the Nissan Leaf's Infotainment ECU via Bluetooth. Once paired, the attacker can send a specific packet that triggers the buffer overflow, leading to code execution on the ECU.
