CVE Catalog

CVE-2026-47151

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. Only devices that have already joined the network and support the Door Lock cluster may be impacted.

Risk Assessment

Organizations may be exposed to unauthorized access to security systems, potentially leading to physical break-ins or manipulation of door locks.

Recommendation

It is recommended to update to the latest version of EmberZNet to mitigate the risk associated with this vulnerability and to monitor devices joining the network.

Original NVD description (English source)

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock cluster may be impacted.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS