CVE-2026-47150
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk12th percentile — higher than 12% of all known CVEs
Summary
In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited.
Risk Assessment
The organization may experience process failures related to device management in the network, potentially leading to service disruptions. Only devices supporting the IAS Zone cluster may be impacted by this vulnerability.
Recommendation
It is recommended to upgrade to the latest version of EmberZNet to mitigate the risk associated with this vulnerability. Additionally, monitoring devices in the network for malformed enrollment messages is advised.
Original NVD description (English source)
In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the IAS Zone cluster may be impacted.

