Zephyr

This hub aggregates every CVE we track for Zephyr, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Zephyr.

• CVE-2026-10641Out-of-bounds write in Bluetooth HFP Hands-Free CIND indicator parsing (cind_handle_values)7.1Jun 17, 2026
• CVE-2026-10640Use-after-free reading `net_pkt` `iface` after send in IPv6 Neighbor Discovery (`ipv6_nbr.c`)4.2Jun 16, 2026
• CVE-2026-10639Use-after-free reading `net_pkt_iface()` of a sent ICMPv4 echo-reply packet in `icmpv4_handle_echo_request()`4.8Jun 16, 2026
• CVE-2026-10638Use-after-free in Zephyr ICMPv6 RX path when updating statistics after sending an echo reply or error5.9Jun 16, 2026
• CVE-2026-10637Use-after-free of net_pkt in IPv6 MLD send path triggerable by a link-local MLD Query5.9Jun 16, 2026
• CVE-2026-10636Use-after-free in Zephyr IPv4 IGMP send path (igmp_send)3.7Jun 16, 2026
• CVE-2026-10635Dangling memory-domain pointer (use-after-free) in Xtensa MMU page-table code on memory-domain de-init6.3Jun 16, 2026
• CVE-2026-10634Use-after-free in Zephyr native TCP net_tcp_foreach() due to dropping tcp_lock during the callback4.8Jun 15, 2026
• CVE-2026-5068bt: l2cap le coc: remote oob write via seg counter stored in net_buf user_data7.6Jun 9, 2026
• CVE-2026-5067Out-of-bounds read/write in HTTP WebSocket upgrade via non-null-terminated Sec-WebSocket-Key9.8Jun 9, 2026
• CVE-2026-5066net: sockets: tls: Potential out-of-bounds write/read in socket_op_vtable::connect function6.3Jun 4, 2026
• CVE-2026-5589Out-of-bounds write caused by an integer underflow in the Bluetooth Mesh subsystem.6.3Jun 4, 2026
• CVE-2026-5071can: Local Denial of Service via SocketCAN Send6.1May 30, 2026
• CVE-2026-5072ptp: Potential Denial of Service via PTP Interval Shift6.5May 22, 2026
• CVE-2026-1681net: Stack Overflow with Ping (to own IP Address) via Shell6.1May 12, 2026