CVE-2026-1998
micropython runtime.c mp_import_all memory corruption
CVSS Score
3.3
EPSS Score
0.0%
EPSS Percentile
0th
A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may be used. Patch name: 570744d06c5ba9dba59b4c3f432ca4f0abd396b6. It is suggested to install a patch to address this issue.
| CWE | CWE-119 |
| Vendor | n/a |
| Product | micropython |
| Published | Feb 6, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a micropython
Be the first to know when new low vulnerabilities affecting n/a micropython are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / micropython
1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 1.15 1.16 1.17 1.18 1.19 1.20 1.21 1.22 1.23 1.24 1.25 1.26 1.27.0
References
vuldb.com: https://vuldb.com/?id.344546 vuldb.com: https://vuldb.com/?ctiid.344546 vuldb.com: https://vuldb.com/?submit.743396 github.com: https://github.com/micropython/micropython/issues/18639 github.com: https://github.com/micropython/micropython/pull/18671 github.com: https://github.com/micropython/micropython/issues/18639#issue-3780651410 github.com: https://github.com/dpgeorge/micropython/commit/570744d06c5ba9dba59b4c3f432ca4f0abd396b6 github.com: https://github.com/micropython/micropython/
Credits
๐ Oneafter (VulDB User)