By vendor

Zephyrproject vulnerabilities

Known CVEs affecting Zephyrproject products, prioritized by severity, with SEC.co remediation and detection guidance.

3 published vulnerabilities

  • CVE-2026-5068HIGH 7.6

    A vulnerability in Zephyr's Bluetooth host stack allows a nearby attacker to crash devices or corrupt memory by sending specially crafted Bluetooth Low Energy (BLE) packets. The flaw occurs when applications enable a feature called segmentation for handling large BLE messages, but configure their memory pools with insufficient space to track incoming data. An attacker within BLE range (typically 10–240 meters depending on device and antenna) can exploit this without any authentication, causing the device to crash or potentially enabling further compromise through heap corruption.

  • CVE-2026-5066MEDIUM 6.3

    A vulnerability exists in Zephyr's TLS socket implementation where attackers with network access and authenticated credentials can trigger an out-of-bounds memory access. When TLS session caching is enabled, the system copies network address data into a fixed buffer without checking if the caller-supplied size matches the actual buffer capacity. An attacker can specify an artificially large address size, causing the copy operation to overwrite adjacent memory. This can crash the system, disrupt network services, or potentially allow code execution if memory corruption is leveraged effectively.

  • CVE-2026-5589MEDIUM 6.3

    A flaw in Zephyr's Bluetooth Mesh implementation allows a nearby attacker to send a malicious wireless advertisement that triggers memory corruption. The vulnerable code fails to validate that certain length values are reasonable before using them in calculations, leading to reads and writes far outside intended memory boundaries. Devices with Bluetooth Mesh enabled and the optional proxy server feature active are at risk. No authentication or pairing is required—an attacker simply broadcasts a specially crafted BLE packet.