CVE-2026-23750: CWE-122 Heap-based Buffer Overflow in Golioth Pouch
Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write() allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when receiving the first fragment, then appends subsequent fragments using memcpy() without verifying that sufficient capacity remains. An adjacent BLE client can send unauthenticated fragments whose combined size exceeds the allocated buffer, causing a heap overflow and crash; integrity impact is also possible due to memory corruption.
AI Analysis
Technical Summary
CVE-2026-23750 identifies a heap-based buffer overflow vulnerability in the Golioth Pouch software version 0.1.0, specifically within the BLE GATT server certificate handling logic. The vulnerable function, server_cert_write(), initially allocates a heap buffer sized by the configuration parameter CONFIG_POUCH_SERVER_CERT_MAX_LEN upon receiving the first fragment of a server certificate. However, when subsequent certificate fragments arrive, the function uses memcpy() to append these fragments without verifying that the remaining buffer capacity is sufficient. This lack of bounds checking allows an adjacent BLE client to send multiple unauthenticated certificate fragments whose combined size exceeds the allocated buffer, resulting in a heap overflow. The overflow can cause the application to crash (denial of service) and may also lead to memory corruption, potentially impacting the integrity of the device's operation or data. The vulnerability does not require authentication or user interaction, but proximity is necessary due to the BLE communication channel. The CVSS 4.0 vector indicates an adjacent (BLE-range) attack vector, with low complexity, no privileges or user interaction required, and high impact on integrity and availability. No patches or known exploits are currently reported, but the flaw represents a significant risk for BLE-enabled IoT devices using Golioth Pouch 0.1.0, especially in environments where malicious BLE clients could be present.
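As an added illustration, not code from the Golioth Pouch project, the following constructed C example shows the fragment-reassembly write path with the remaining-capacity check that the advisory says is missing. The names cert_buf, cert_write_checked, feed_fragments and CERT_MAX_LEN are hypothetical stand-ins for the real server_cert_write() state and CONFIG_POUCH_SERVER_CERT_MAX_LEN.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for CONFIG_POUCH_SERVER_CERT_MAX_LEN; value chosen for the demo. */
#define CERT_MAX_LEN 64

struct cert_buf {       /* hypothetical reassembly state for one certificate */
    uint8_t *data;      /* CERT_MAX_LEN-byte heap buffer, NULL until the first fragment */
    size_t len;         /* bytes appended so far */
};

enum { CERT_OK = 0, CERT_ERR_NOMEM = -1, CERT_ERR_TOO_LONG = -2 };

/* Hardened fragment write. The flaw described in the advisory is this same function
 * minus the capacity test: an unconditional memcpy(cb->data + cb->len, frag, frag_len)
 * writes past the CERT_MAX_LEN allocation once the fragments total more than that. */
int cert_write_checked(struct cert_buf *cb, const uint8_t *frag, size_t frag_len)
{
    if (cb->data == NULL) {                  /* first fragment: allocate once */
        cb->data = malloc(CERT_MAX_LEN);
        if (cb->data == NULL) return CERT_ERR_NOMEM;
        cb->len = 0;
    }
    /* Remaining-capacity check as a subtraction, so cb->len + frag_len cannot wrap. */
    if (frag_len > CERT_MAX_LEN - cb->len) {
        free(cb->data); cb->data = NULL; cb->len = 0;   /* discard the partial certificate */
        return CERT_ERR_TOO_LONG;
    }
    memcpy(cb->data + cb->len, frag, frag_len);
    cb->len += frag_len;
    return CERT_OK;
}

/* Feeds n fragments of the given sizes (constructed 0xAB filler) through the checked
 * writer; returns the reassembled length, or the negative error code of the rejection. */
long feed_fragments(const size_t *sizes, size_t n)
{
    struct cert_buf cb = { NULL, 0 };
    uint8_t frag[CERT_MAX_LEN];
    memset(frag, 0xAB, sizeof frag);
    long result = 0;
    for (size_t i = 0; i < n && result == 0; i++) {
        int rc = cert_write_checked(&cb, frag, sizes[i]);
        if (rc != CERT_OK) result = rc;
    }
    if (result == 0) result = (long)cb.len;
    free(cb.data);
    return result;
}
```

Fragments totalling exactly CERT_MAX_LEN are accepted; the first fragment that would exceed the allocation is rejected and the partial certificate is dropped rather than written past the buffer.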
Potential Impact
The primary impact of CVE-2026-23750 is denial of service due to application crashes caused by heap overflow, which can disrupt the normal operation of IoT devices running Golioth Pouch 0.1.0. More critically, the memory corruption resulting from the overflow could be exploited to alter device behavior or compromise data integrity, potentially enabling unauthorized control or manipulation of the device. This is especially concerning for IoT deployments in industrial, healthcare, or critical infrastructure sectors where device reliability and data integrity are paramount. Since the vulnerability can be triggered by an unauthenticated adjacent BLE client, attackers with physical proximity can exploit it without needing credentials or user interaction, increasing the risk in public or unsecured environments. The scope is limited to devices using the affected version of Golioth Pouch with BLE GATT server certificate handling enabled, but given the growing adoption of BLE in IoT, the potential attack surface is significant. Organizations relying on these devices may face operational disruptions, safety risks, and potential breaches of sensitive data or control systems.
Mitigation Recommendations
To mitigate CVE-2026-23750, organizations should first verify whether their devices run Golioth Pouch version 0.1.0 and use BLE GATT server certificate handling. Since no official patch is currently available, immediate mitigation steps include:
- Restrict physical access to BLE-enabled devices to trusted environments to prevent proximity-based attacks.
- Implement BLE connection filtering or whitelisting so that only known, authenticated clients can connect; although the vulnerability itself does not require authentication, this reduces exposure.
- Monitor BLE traffic for anomalous certificate fragment sizes or repeated fragmented writes that could indicate exploitation attempts.
- Engage with Golioth for updates or patches addressing this vulnerability and plan timely upgrades once available.
- Consider disabling BLE GATT server certificate handling if it is not essential for device operation.
- Employ runtime protections such as heap overflow detection or memory safety tools on devices where feasible.
These targeted mitigations go beyond generic advice by focusing on controlling BLE access and monitoring the specific exploit vector.
Affected Countries
United States, Germany, Japan, South Korea, China, United Kingdom, France, Canada, Australia, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2026-01-15T18:42:20.938Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69a0a1ca85912abc71d0bb54
Added to database: 2/26/2026, 7:40:58 PM
Last enriched: 2/26/2026, 8:09:41 PM
Last updated: 2/27/2026, 12:11:31 AM