Known Vulnerabilities for products from Zephyrproject
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zephyrproject".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-13351 json | Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number o... | Not Provided | 2026-06-25 | 2026-07-06 |
| CVE-2026-10668 json | The Nuvoton NuMaker HSUSBD USB device-controller driver (drivers/usb/udc/udc_numaker.c) armed the control Data IN stage uncon... | Not Provided | 2026-07-12 | 2026-07-16 |
| CVE-2026-10667 json | Zephyr's dynamic kernel-object tracking (kernel/userspace/userspace.c, formerly kernel/userspace.c) maintains a doubly-linked... | Not Provided | 2026-07-12 | 2026-07-16 |
| CVE-2026-10666 json | parse_ipv4() in subsys/net/ip/utils.c (reached via net_ipaddr_parse() for strings of the form "a.b.c.d:port") copies the port... | Not Provided | 2026-07-12 | 2026-07-17 |
| CVE-2026-10665 json | In Zephyr's WireGuard subsystem (subsys/net/lib/wireguard), wg_process_data_message() in wg_crypto.c linearizes an inbound tr... | Not Provided | 2026-07-12 | 2026-07-16 |
| CVE-2026-10664 json | The nRF70 Wi-Fi driver's power-save event handler nrf_wifi_event_proc_get_power_save_info() in drivers/wifi/nrf_wifi/src/wifi... | Not Provided | 2026-07-12 | 2026-07-16 |
| CVE-2026-10663 json | In Zephyr's experimental USB host stack (CONFIG_USB_HOST_STACK), usbh_device_disconnect() (subsys/usb/host/usbh_device.c) fre... | Not Provided | 2026-07-12 | 2026-07-16 |
| CVE-2026-10659 json | The Dhara flash translation layer disk driver (drivers/disk/ftl_dhara.c) implemented the dhara_nand_ callbacks so that, on a ... | Not Provided | 2026-07-07 | 2026-07-14 |
| CVE-2026-10658 json | bt_iso_recv() in subsys/bluetooth/host/iso.c pulled the ISO SDU header (4 bytes) or, when the timestamp flag is set, the time... | Not Provided | 2026-06-23 | 2026-07-14 |
| CVE-2026-10657 json | Zephyr's DNS resolver detects mDNS (.local) queries in dns_resolve_name_internal() (subsys/net/lib/dns/resolve.c) with memcmp... | Not Provided | 2026-07-05 | 2026-07-14 |
| CVE-2026-10656 json | The MAX32xxx USB device controller driver (drivers/usb/udc/udc_max32.c, compatible adi_max32_usbhs) dereferenced an endpoint ... | Not Provided | 2026-07-05 | 2026-07-14 |
| CVE-2026-10655 json | The asynchronous SNTP client in Zephyr (subsys/net/lib/sntp/sntp.c, sntp_close_async) closed the UDP socket file descriptor d... | Not Provided | 2026-06-30 | 2026-07-14 |
| CVE-2026-10654 json | A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simu... | Not Provided | 2026-06-30 | 2026-07-14 |
| CVE-2026-10653 json | The Zephyr net_buf library (lib/net_buf/buf.c) manipulated both of its reference counts -- the per-header buf->ref and the pe... | Not Provided | 2026-06-30 | 2026-07-14 |
| CVE-2026-10652 json | Zephyr's DNS resolver (subsys/net/lib/dns) parses resource records from DNS responses in dns_unpack_answer(), which validated... | Not Provided | 2026-06-30 | 2026-07-14 |
| CVE-2026-10651 json | bt_sdp_parse_attribute() in subsys/bluetooth/host/classic/sdp.c validated only that the SDP record buffer held the type-marke... | Not Provided | 2026-06-23 | 2026-07-17 |
| CVE-2026-10648 json | mcumgr_serial_process_frag() in subsys/mgmt/mcumgr/transport/src/serial_util.c calls net_buf_reset() on the result of smp_pac... | Not Provided | 2026-06-29 | 2026-07-14 |
| CVE-2026-10647 json | The USB CDC-NCM device class (subsys/usb/device_next/class/usbd_cdc_ncm.c) ignores the return value of usbd_ep_enqueue() in i... | Not Provided | 2026-06-29 | 2026-07-14 |
| CVE-2026-10646 json | Zephyr's BSD-sockets getaddrinfo() implementation (subsys/net/lib/sockets/getaddrinfo.c) passes a pointer to a stack-allocate... | Not Provided | 2026-06-28 | 2026-07-14 |
| CVE-2026-10645 json | The Zephyr ext2 filesystem driver (subsys/fs/ext2) trusted the on-disk directory entry fields de_rec_len and de_name_len when... | Not Provided | 2026-06-23 | 2026-07-14 |