Back to Arduino Security Bulletins

ASEC-26-001 ArduinoCore-AVR v1.8.7 Resolves Stack-Based Buffer Overflow Vulnerability

Bulletin ID: ASEC-26-001
Date: Jan 19, 2026
Product/Component: ArduinoCore-AVR
Affected versions: <= 1.8.6 Fixed version: >= 1.8.7

Summary

A new version of the Arduino AVR Boards platform is now available at the following link: ArduinoCore-AVR v1.8.7 Release.

This release includes the following update:

  • A dedicated security fix for the CVE-2025-69209 vulnerability that affects the ArduinoCore-AVR versions before version v1.8.7. Further details are available in the official security advisory at the following link: GHSA-pvx3-fm7w-6hjm.

Action Required

To ensure security and stability, users are advised to update ArduinoCore-AVR to version v1.8.7 as soon as possible. This update automatically includes all patches described above.

Additional Information

For further details regarding the resolved vulnerabilities, refer to the following CVE reports:

For any questions or support, please refer to the Arduino Documentation or the official support channels.

Contact

If you encounter any issues or have questions regarding this security update, please contact our security team at security@arduino.cc.

  • Published:
Was this article helpful?
Do you want to contribute? Visit the Github repository
Return to top

Didn’t find what you were looking for?

Arduino Docs

Tutorials, data sheets, guides and other technical documentation.

Arduino Forum

Connect with the community, get help with your project, and discuss everything Arduino.

Arduino Discord

There are a lot of Arduino enthusiasts who are more than willing to help out. Head over Discord to start a discussion.

Contact Arduino

Need help with a product, need to make an exchange, or can't find a question answered? Email us and we'll answer as soon as possible.