Arduino App Lab Terminal Component Input Validation Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in the Terminal component of Arduino App Lab versions prior to 0.4.0. The issue arises from inadequate sanitization and validation of input data from connected hardware devices, particularly in the Serial and Address metadata fields. This flaw occurs during the handling of device information when establishing a terminal session. An attacker with physical access to a compromised board can inject payloads containing shell metacharacters, which are then executed on the host system with the user's privileges. This vulnerability has been addressed in version 0.4.0.
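The flaw class described above, device-reported Serial and Address values reaching a shell unvalidated, is shown next to a hardened form in the added example below; it is not Arduino App Lab code and not the 0.4.0 fix. The command name `hypothetical-terminal`, the field formats in the regular expressions, and the sample devices are assumptions constructed for illustration.

```python
import ipaddress
import re
import shlex

# Assumed field formats (not taken from Arduino App Lab).
SERIAL_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
PORT_RE = re.compile(r"/dev/[A-Za-z0-9._-]{1,64}|COM[0-9]{1,3}")

# Constructed sample devices; the second carries a shell metacharacter.
GOOD = {"serial": "SN12345", "address": "/dev/ttyACM0"}
BAD = {"serial": "SN12345;echo injected", "address": "/dev/ttyACM0"}


def unsafe_command(device):
    """Flawed pattern: device-reported fields spliced into a shell string."""
    return "hypothetical-terminal --serial {serial} --address {address}".format(**device)


def shell_operators(command):
    """Return the control operators a POSIX shell would see in the string."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok and tok[0] in "();<>|&"]


def valid_address(value):
    """Accept a serial port name or a literal IP address, nothing else."""
    if PORT_RE.fullmatch(value):
        return True
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def safe_argv(device):
    """Validate both fields, then build an argv list that needs no shell."""
    serial, address = device["serial"], device["address"]
    if not SERIAL_RE.fullmatch(serial):
        raise ValueError("rejected serial: %r" % serial)
    if not valid_address(address):
        raise ValueError("rejected address: %r" % address)
    return ["hypothetical-terminal", "--serial", serial, "--address", address]


if __name__ == "__main__":
    print(shell_operators(unsafe_command(BAD)))
    print(safe_argv(GOOD))
```

The list returned by `safe_argv` is meant to be handed to a process-spawning call that takes an argument vector (for example `subprocess.run(argv)` without `shell=True`), so that even a value that slipped past validation would arrive as a single argument instead of being parsed by a shell.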

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the host system, executed with the privileges of the user running Arduino App Lab.

Remediation

Users can upgrade to Arduino App Lab version 0.4.0 or later to address this vulnerability.

Added: Feb 12, 2026, 8:19 PM
Updated: Feb 12, 2026, 8:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 2.6
remediation: 0.0
relevance: 2.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.