Known Vulnerabilities for Zephyr by Zephyrproject
Listed below are 10 of the newest known vulnerabilities associated with "Zephyr" by "Zephyrproject".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-13351 json | Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number o... | Not Provided | 2026-06-25 | 2026-06-25 |
| CVE-2026-10687 json | Rejected reason: This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis, confirmed with the fix aut... | Not Provided | 2026-06-18 | 2026-06-18 |
| CVE-2026-10676 json | Rejected reason: This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis determined that the address... | Not Provided | 2026-06-12 | 2026-06-11 |
| CVE-2026-10658 json | A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In bt_i... | Not Provided | 2026-06-23 | 2026-06-23 |
| CVE-2026-10651 json | A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser. In subsys/bluetooth/hos... | Not Provided | 2026-06-23 | 2026-06-23 |
| CVE-2026-10645 json | Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name ... | Not Provided | 2026-06-23 | 2026-06-23 |
| CVE-2026-10642 json | The Zephyr PL011 UART driver (drivers/serial/uart_pl011.c) contains an unbounded software loop in pl011_irq_tx_enable() that ... | Not Provided | 2026-06-24 | 2026-06-25 |
| CVE-2026-10641 json | Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role parser (subsys/bluetooth/host/classic/hfp_hf.c) contains ... | Not Provided | 2026-06-17 | 2026-06-17 |
| CVE-2026-10640 json | Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_nbr.c... | Not Provided | 2026-06-16 | 2026-06-16 |
| CVE-2026-10639 json | In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/net/ip/icmpv4.c builds an echo-reply packet (reply), ha... | Not Provided | 2026-06-16 | 2026-06-16 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Zephyrproject | Zephyr | 2.3.0 | |||
| Operating System | Zephyrproject | Zephyr | 2.3.0 | |||
| Operating System | Zephyrproject | Zephyr | 2.2.0 | |||
| Operating System | Zephyrproject | Zephyr | 2.2.0 | |||
| Operating System | Zephyrproject | Zephyr | 2.2.0 | |||
| Operating System | Zephyrproject | Zephyr | 2.2.0 | |||
| Application | Zephyrproject | Zephyr | 2.2.0 | |||
| Application | Zephyrproject | Zephyr | 2.1.0 | |||
| Operating System | Zephyrproject | Zephyr | 2.1.0 | |||
| Operating System | Zephyrproject | Zephyr | 2.0.0 | |||
| Application | Zephyrproject | Zephyr | 2.0.0 | |||
| Application | Zephyrproject | Zephyr | 2.0.0 | |||
| Operating System | Zephyrproject | Zephyr | 2.0.0 | |||
| Operating System | Zephyrproject | Zephyr | 2.0.0 | |||
| Application | Zephyrproject | Zephyr | 2.0.0 | |||
| Application | Zephyrproject | Zephyr | 2.0.0 | |||
| Operating System | Zephyrproject | Zephyr | 2.0.0 | |||
| Application | Zephyrproject | Zephyr | 1.9.2 | |||
| Operating System | Zephyrproject | Zephyr | 1.9.2 | |||
| Operating System | Zephyrproject | Zephyr | 1.9.1 |