Use-After-Free Vulnerability in Zephyr's IPv4 Stack Affects Packet Handling
CVE-2026-10639
4.8 MEDIUM
What is CVE-2026-10639?
In the Zephyr operating system's IPv4 stack, a use-after-free vulnerability exists in the echo-request handling path. When an ICMP echo-reply packet is built and then sent, the packet handling code allows the memory associated with that packet to be reclaimed before the network statistics are updated. The statistics update therefore reads from, and may write to, memory that has been freed or already reallocated, which can corrupt interface statistics or trigger a denial of service; the flaw is remotely reachable by an attacker who can intercept ping packets. The flaw has been present since version 1.14 and can be exploited without authentication.
Affected Version(s)
zephyr 1.14.0 < 4.5.0
