CVE Catalog

CVE-2026-47148

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload, leading to process termination. These messages must come from a device that has already joined the network.

Risk Assessment

The risk to the organization involves potential process failures related to device handling, which may lead to system downtime. No information leakage back to the sender was observed.

Recommendation

It is recommended to upgrade to a newer version of EmberZNet to mitigate the risk associated with this vulnerability. Additionally, monitoring devices supporting the Groups cluster is advised to minimize potential issues.

Original NVD description (English source)

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Groups cluster may be impacted.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS