Denial of Service Vulnerability in Zephyr Bluetooth Host by Vendor Zephyr Project
CVE-2026-10658

7.1HIGH

Key Information:

Vendor: Zephyrproject-rtos
Status: Zephyr
Vendor: CVE Published:; 22 June 2026

🔔 Create Zephyrproject-rtos Vulnerability Alert

What is CVE-2026-10658?

A vulnerability exists in the Zephyr Bluetooth Host due to a missing length validation in the ISO receive path, allowing attackers to exploit malformed HCI ISO data. Specifically, the vulnerability arises when the processing function accepts data fragments without validating their lengths, potentially leading to a denial of service attack. In both assert-enabled and non-assert builds, this may result in a kernel assert or an out-of-bounds read, respectively, thus compromising the integrity of the system. This flaw underscores the importance of stringent data validation measures, especially in environments where incoming HCI data might be influenced by potentially malicious actors.

Affected Version(s)

Zephyr * <= 4.4.0

References

https://github.com/zephyrproject-rtos/zephyr/security/adv...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2026
Vulnerability Reserved
Jun 2, 2026

CVE-2026-10658 Data

JSON