CVE Catalog

CVE-2026-4526

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network.

Risk Assessment

This vulnerability may lead to unexpected system crashes, potentially affecting service availability within the organization.

Recommendation

It is recommended to upgrade to the latest version of EmberZNet to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS