Use-after-free vulnerability in Zephyr TCP stack affects multiple versions
CVE-2026-10634

4.8MEDIUM

Key Information:

Vendor: Zephyrproject
Status: Zephyr
Vendor: CVE Published:; 15 June 2026

🔔 Create Zephyrproject Vulnerability Alert

What is CVE-2026-10634?

The vulnerability in Zephyr's native TCP stack occurs when the net_tcp_foreach() function iterates through the global connection list. During the callback invocation, the tcp_lock is released, allowing concurrent operations that can manipulate list nodes. This creates a scenario where dereferencing a freed memory block may lead to system crashes and potentially expose sensitive information if the memory has been reallocated. The vulnerability affects versions of the TCP stack released up to and including v4.4.0 and has been addressed by ensuring that connection teardown occurs within a critical section.

Affected Version(s)

zephyr 2.5.0 < 4.5.0

References

https://github.com/zephyrproject-rtos/zephyr/commit/cd85e...

patch

https://github.com/zephyrproject-rtos/zephyr/security/adv...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
Jun 2, 2026

CVE-2026-10634 Data

JSON