Marlin Firmware 2.1.2.7 Out-of-Bounds Write via M421 G-code Handler

Advisories

Marlin Firmware 2.1.2.7 Out-of-Bounds Write via M421 G-code Handler

severity: high
date: 6/24/2026
Affecting: Marlin <= firmware version 2.1.2.7, fixed in commit 1f255d1
CVE: CVE-2026-56111
CWE: CWE-129 Improper Validation of Array Index
CVSS: 8.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
References: Researcher Disclosure
Pull Request
Patch Commit
Credit: Christ Bouchuen
Description: Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESH_BED_LEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to corrupt firmware memory by supplying out-of-range X and Y grid indices. Attackers can send a single crafted G-code command via USB serial, network interface, or malicious gcode file to write an attacker-controlled 32-bit float value past the z_values array bounds, corrupting adjacent firmware variables and causing denial of service or firmware state corruption.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo