CVE Catalog

CVE-2026-47150

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited.

Risk Assessment

The organization may experience process failures related to device management in the network, potentially leading to service disruptions. Only devices supporting the IAS Zone cluster may be impacted by this vulnerability.

Recommendation

It is recommended to upgrade to the latest version of EmberZNet to mitigate the risk associated with this vulnerability. Additionally, monitoring devices in the network for malformed enrollment messages is advised.

Original NVD description (English source)

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the IAS Zone cluster may be impacted.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS