CVE-2026-56111

Marlin Firmware 2.1.2.7 Out-of-Bounds Write via M421 G-code Handler

CVSS 8.3 HIGH · EPSS 0.5% · CWE-129
Vexday Risk Score
41 Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 8.3 · EPSS 0.5% · KEV: no · Public PoC · Nuclei · Metasploit · Patch referenced
Lifecycle
24 Jun 2026: Published on NVD
24 Jun 2026: Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Marlin Firmware through 2.1.2.7 (fixed in commit 1f255d1), when built with MESH_BED_LEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to corrupt firmware memory by supplying out-of-range X and Y grid indices. Attackers can send a single crafted G-code command via USB serial, a network interface, or a malicious G-code file to write an attacker-controlled 32-bit float value past the bounds of the z_values array, corrupting adjacent firmware variables and causing denial of service or firmware state corruption.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
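The index validation that this class of bug (CWE-129) calls for, as an added C example that is not Marlin's code and not the fix in commit 1f255d1. The grid size, struct layout and function names are assumptions made for illustration; only `z_values` is taken from the description above.

```c
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed 3x3 grid for this sketch; a real build takes the size from its configuration. */
enum { GRID_X = 3, GRID_Y = 3 };

/* Model of the mesh followed by the kind of adjacent variable an unchecked write corrupts. */
static struct { float z_values[GRID_X][GRID_Y]; float adjacent_state; } mesh;

typedef enum { MESH_OK, MESH_BAD_INDEX, MESH_BAD_VALUE } mesh_status;

/* Pattern the description refers to: indices from the command are used as-is.
 * Shown for contrast; only ever called here with in-range indices. */
static void mesh_set_z_unchecked(int ix, int iy, float z) {
    mesh.z_values[ix][iy] = z;
}

/* Hardened form: validate the full-width parsed values before indexing. */
static mesh_status mesh_set_z_checked(long ix, long iy, float z) {
    if (ix < 0 || ix >= GRID_X || iy < 0 || iy >= GRID_Y)
        return MESH_BAD_INDEX;  /* also rejects values that would wrap if narrowed to 8 bits */
    if (!isfinite(z))
        return MESH_BAD_VALUE;  /* extra hardening: NaN/Inf propagates through mesh arithmetic */
    mesh.z_values[ix][iy] = z;
    return MESH_OK;
}

/* Run constructed index pairs through the checked setter; returns how many were rejected. */
static int demo_rejections(void) {
    static const long cases[][2] = { {1, 2}, {3, 0}, {0, -1}, {256, 0}, {2, 2} };
    int rejected = 0;
    mesh.adjacent_state = 42.0f;  /* canary standing in for a neighbouring firmware variable */
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        if (mesh_set_z_checked(cases[i][0], cases[i][1], 0.25f) != MESH_OK)
            rejected++;
    return rejected;
}

int main(void) {
    mesh_set_z_unchecked(0, 0, 0.1f);  /* in range, so well defined */
    int rejected = demo_rejections();
    printf("rejected %d of 5, adjacent_state=%.1f\n", rejected, mesh.adjacent_state);
    return 0;
}
```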
Affected products
MarlinFirmware · Marlin
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.