Known Vulnerabilities for products from Zephyrproject

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zephyrproject".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-13351 json Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number o... Not Provided 2026-06-25 2026-07-06
CVE-2026-10668 json The Nuvoton NuMaker HSUSBD USB device-controller driver (drivers/usb/udc/udc_numaker.c) armed the control Data IN stage uncon... Not Provided 2026-07-12 2026-07-16
CVE-2026-10667 json Zephyr's dynamic kernel-object tracking (kernel/userspace/userspace.c, formerly kernel/userspace.c) maintains a doubly-linked... Not Provided 2026-07-12 2026-07-16
CVE-2026-10666 json parse_ipv4() in subsys/net/ip/utils.c (reached via net_ipaddr_parse() for strings of the form "a.b.c.d:port") copies the port... Not Provided 2026-07-12 2026-07-17
CVE-2026-10665 json In Zephyr's WireGuard subsystem (subsys/net/lib/wireguard), wg_process_data_message() in wg_crypto.c linearizes an inbound tr... Not Provided 2026-07-12 2026-07-16
CVE-2026-10664 json The nRF70 Wi-Fi driver's power-save event handler nrf_wifi_event_proc_get_power_save_info() in drivers/wifi/nrf_wifi/src/wifi... Not Provided 2026-07-12 2026-07-16
CVE-2026-10663 json In Zephyr's experimental USB host stack (CONFIG_USB_HOST_STACK), usbh_device_disconnect() (subsys/usb/host/usbh_device.c) fre... Not Provided 2026-07-12 2026-07-16
CVE-2026-10659 json The Dhara flash translation layer disk driver (drivers/disk/ftl_dhara.c) implemented the dhara_nand_ callbacks so that, on a ... Not Provided 2026-07-07 2026-07-14
CVE-2026-10658 json bt_iso_recv() in subsys/bluetooth/host/iso.c pulled the ISO SDU header (4 bytes) or, when the timestamp flag is set, the time... Not Provided 2026-06-23 2026-07-14
CVE-2026-10657 json Zephyr's DNS resolver detects mDNS (.local) queries in dns_resolve_name_internal() (subsys/net/lib/dns/resolve.c) with memcmp... Not Provided 2026-07-05 2026-07-14
CVE-2026-10656 json The MAX32xxx USB device controller driver (drivers/usb/udc/udc_max32.c, compatible adi_max32_usbhs) dereferenced an endpoint ... Not Provided 2026-07-05 2026-07-14
CVE-2026-10655 json The asynchronous SNTP client in Zephyr (subsys/net/lib/sntp/sntp.c, sntp_close_async) closed the UDP socket file descriptor d... Not Provided 2026-06-30 2026-07-14
CVE-2026-10654 json A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simu... Not Provided 2026-06-30 2026-07-14
CVE-2026-10653 json The Zephyr net_buf library (lib/net_buf/buf.c) manipulated both of its reference counts -- the per-header buf->ref and the pe... Not Provided 2026-06-30 2026-07-14
CVE-2026-10652 json Zephyr's DNS resolver (subsys/net/lib/dns) parses resource records from DNS responses in dns_unpack_answer(), which validated... Not Provided 2026-06-30 2026-07-14
CVE-2026-10651 json bt_sdp_parse_attribute() in subsys/bluetooth/host/classic/sdp.c validated only that the SDP record buffer held the type-marke... Not Provided 2026-06-23 2026-07-17
CVE-2026-10648 json mcumgr_serial_process_frag() in subsys/mgmt/mcumgr/transport/src/serial_util.c calls net_buf_reset() on the result of smp_pac... Not Provided 2026-06-29 2026-07-14
CVE-2026-10647 json The USB CDC-NCM device class (subsys/usb/device_next/class/usbd_cdc_ncm.c) ignores the return value of usbd_ep_enqueue() in i... Not Provided 2026-06-29 2026-07-14
CVE-2026-10646 json Zephyr's BSD-sockets getaddrinfo() implementation (subsys/net/lib/sockets/getaddrinfo.c) passes a pointer to a stack-allocate... Not Provided 2026-06-28 2026-07-14
CVE-2026-10645 json The Zephyr ext2 filesystem driver (subsys/fs/ext2) trusted the on-disk directory entry fields de_rec_len and de_name_len when... Not Provided 2026-06-23 2026-07-14

Known software with vulnerabilities from Zephyrproject

Type Vendor Product Version
ApplicationZephyrprojectZephyr1.0.0
Operating
System
ZephyrprojectZephyr1.0.0

© CVE.report 2026

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report