Known Vulnerabilities for Zephyr by Zephyrproject
Listed below are 10 of the newest known vulnerabilities associated with "Zephyr" by "Zephyrproject".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-1679 | Not Provided | 2026-03-28 | 2026-03-31 | |
| CVE-2025-54714 | Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectl... | Not Provided | 2025-08-28 | 2026-04-01 |
| CVE-2025-39552 | Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectl... | Not Provided | 2025-04-16 | 2026-04-01 |
| CVE-2025-32526 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan James Zephyr Proj... | Not Provided | 2025-04-17 | 2026-04-01 |
| CVE-2025-22814 | Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Admin Theme zephyr-modern-admin-theme allows Cross Site... | Not Provided | 2025-01-09 | 2026-04-01 |
| CVE-2022-0553 | There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the ... | 4.6 - MEDIUM | 2023-01-11 | 2023-07-21 |
| CVE-2021-3430 | Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). Fo... | 7.5 - HIGH | 2022-06-28 | 2022-07-08 |
| CVE-2021-3330 | RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr... | 8.8 - HIGH | 2021-10-12 | 2021-10-18 |
| CVE-2021-3329 | Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack | 6.5 - MEDIUM | 2023-02-26 | 2023-03-07 |
| CVE-2021-3323 | Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap ... | 9.8 - CRITICAL | 2021-10-12 | 2021-10-18 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Zephyrproject | Zephyr | 2.3.0 | - | All | All |
| Application | Zephyrproject | Zephyr | 2.3.0 | - | All | All |
| Application | Zephyrproject | Zephyr | 2.2.0 | - | All | All |
| Operating System | Zephyrproject | Zephyr | 2.2.0 | - | All | All |
| Operating System | Zephyrproject | Zephyr | 2.2.0 | rc1 | All | All |
| Operating System | Zephyrproject | Zephyr | 2.2.0 | rc2 | All | All |
| Operating System | Zephyrproject | Zephyr | 2.2.0 | rc3 | All | All |
| Operating System | Zephyrproject | Zephyr | 2.1.0 | - | All | All |
| Application | Zephyrproject | Zephyr | 2.1.0 | - | All | All |
| Operating System | Zephyrproject | Zephyr | 2.0.0 | - | All | All |
| Application | Zephyrproject | Zephyr | 2.0.0 | - | All | All |
| Application | Zephyrproject | Zephyr | 2.0.0 | rc1 | All | All |
| Operating System | Zephyrproject | Zephyr | 2.0.0 | rc1 | All | All |
| Operating System | Zephyrproject | Zephyr | 2.0.0 | rc2 | All | All |
| Application | Zephyrproject | Zephyr | 2.0.0 | rc2 | All | All |
| Application | Zephyrproject | Zephyr | 2.0.0 | rc3 | All | All |
| Operating System | Zephyrproject | Zephyr | 2.0.0 | rc3 | All | All |
| Operating System | Zephyrproject | Zephyr | 1.9.2 | All | All | All |
| Application | Zephyrproject | Zephyr | 1.9.2 | All | All | All |
| Application | Zephyrproject | Zephyr | 1.9.1 | All | All | All |