Zephyr Bluetooth LE Audio Basic Audio Profile Vulnerability in Unicast Client
CVE-2026-10593

6.5 MEDIUM

Key Information:

Status
Vendor
CVE Published: 28 June 2026

What is CVE-2026-10593?

A vulnerability exists in the Zephyr Bluetooth LE Audio Basic Audio Profile (BAP) unicast client, specifically in how it processes peer-supplied ASE state notifications. The flaw arises because attacker-controlled QoS fields carried in those notifications are mishandled, which can lead to a denial of service. If a remote ASCS server sends a GATT notification that signals an inappropriate state transition, the client can crash through a NULL pointer dereference. This affects devices using versions 4.3.0 and 4.4.0 of the Zephyr framework. The fix changes how BAP QoS data is stored so that it remains valid and the client no longer attempts to access a resource that is not present.

Affected Version(s)

zephyr 4.3.0 up to (but not including) 4.5.0

References

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
  • Vulnerability reserved
