CVE Catalog

CVE-2026-47147

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester.

Risk Assessment

The organization may be exposed to the leakage of a limited amount of data from RAM, potentially leading to the disclosure of sensitive information. Only devices that have already joined the network and support the OTA Server cluster may be impacted.

Recommendation

It is recommended to update to the latest version of EmberZNet to minimize the risk associated with this vulnerability. Additionally, monitoring devices on the network to identify those that may be affected is advised.

Original NVD description (English source)

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the network. Only devices supporting the OTA Server cluster may be impacted.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS