Denial of Service Vulnerability in Zephyr's IPv6 Network Stack
CVE-2026-13351

7.5 HIGH

Key Information:

Status
Vendor
CVE Published: 25 June 2026

What is CVE-2026-13351?

A vulnerability exists in Zephyr's IPv6 network stack that enables an attacker to disrupt network services. By sending a limited number of specially crafted fragmented IPv6 packets, unauthorized parties can prevent the system from processing further incoming packets. This occurs due to the improper management of RX network packet buffers that are allocated from a memory slab. Once exhausted, the device is unable to receive additional traffic, leading to a significant disruption in network operations and resulting in a denial of service for legitimate users.
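
The exhaustion described above, as a simplified C model added here for illustration; it is not Zephyr source code and not the project's fix. The pool size, the `reasm_cap` limit and all function names are assumptions chosen to show why a bound on buffers held by incomplete reassemblies keeps the RX path alive.

```c
/* Simplified model (not Zephyr source): RX packets come from a fixed slab,
 * and a fragment of a datagram that never completes keeps its packet. */
#include <stdbool.h>
#include <stdio.h>

#define RX_SLAB_COUNT 8            /* constructed pool size */

struct rx_pool {
    int free_pkts;                 /* slab blocks still available */
    int held_by_reasm;             /* blocks parked in incomplete reassemblies */
    int reasm_cap;                 /* hypothetical limit; 0 means unbounded */
};

/* Fragment of a never-completed datagram: the block is not returned. */
static bool rx_incomplete_fragment(struct rx_pool *p)
{
    if (p->free_pkts == 0)
        return false;              /* slab already empty */
    if (p->reasm_cap > 0 && p->held_by_reasm >= p->reasm_cap)
        return false;              /* bounded: drop instead of parking more */
    p->free_pkts--;
    p->held_by_reasm++;
    return true;
}

/* Ordinary packet: allocated, processed, then returned to the slab. */
static bool rx_normal_packet(struct rx_pool *p)
{
    if (p->free_pkts == 0)
        return false;              /* RX path is starved */
    p->free_pkts--;                /* allocate */
    p->free_pkts++;                /* free after processing */
    return true;
}

static struct rx_pool after_burst(int n_frags, int cap)
{
    struct rx_pool p = { RX_SLAB_COUNT, 0, cap };
    for (int i = 0; i < n_frags; i++)
        rx_incomplete_fragment(&p);
    return p;
}

int free_after_burst(int n, int cap) { return after_burst(n, cap).free_pkts; }
bool survives_burst(int n, int cap)
{ struct rx_pool p = after_burst(n, cap); return rx_normal_packet(&p); }

int main(void)
{
    printf("unbounded: free=%d rx_ok=%d\n", free_after_burst(20, 0), survives_burst(20, 0));
    printf("capped(4): free=%d rx_ok=%d\n", free_after_burst(20, 4), survives_burst(20, 4));
    return 0;
}
```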

Affected Version(s)

Zephyr * <= 4.3

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
