PT-2026-23408 · Unknown · Dns Unpack Name

0Xkato · Published 2026-03-05 · Updated 2026-03-09 · CVE-2026-1678

CVSS v3.1: 9.8 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions

Zephyr RTOS (affected versions not specified)

Description

The dns_unpack_name() function in Zephyr RTOS contains a flaw where it caches the buffer tailroom and reuses it when appending DNS labels. As the buffer expands, the cached size becomes inaccurate, potentially leading to a write beyond the buffer's boundaries when the final null terminator is written. This out-of-bounds write can be triggered by a malicious DNS response when assertions are disabled, which is the default configuration, if CONFIG_DNS_RESOLVER is enabled. The issue can lead to remote code execution (RCE) on IoT devices.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
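
The bug class in the Description, a bound read once and reused while the buffer fills, shown beside a variant that refreshes the bound for every label. This is an added example and not Zephyr code or the project's fix; struct outbuf, put(), unpack_name(), the 16-byte capacity and the sample name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed model, not Zephyr source. Writes past CAP are counted,
 * never performed, so the demo itself stays memory-safe. */
#define CAP 16
struct outbuf { uint8_t mem[CAP]; size_t len; size_t oob; };
static size_t tailroom(const struct outbuf *b) { return b->len < CAP ? CAP - b->len : 0; }
static void put(struct outbuf *b, uint8_t c)
{
    if (b->len < CAP) b->mem[b->len] = c; else b->oob++;
    b->len++;
}
/* Unpack length-prefixed labels as "label.label." plus NUL. recheck == 0
 * models the flaw: tailroom is read once and reused for every label.
 * Name compression is not modelled (length bytes above 63 are rejected). */
static int unpack_name(const uint8_t *msg, size_t n, struct outbuf *b, int recheck)
{
    size_t pos = 0, room = tailroom(b);          /* bound cached here */
    while (pos < n && msg[pos] != 0) {
        size_t lb = msg[pos++];
        if (lb > 63 || pos + lb > n) return -1;  /* malformed message */
        if (recheck) room = tailroom(b);         /* hardened: refresh per label */
        if (lb + 2 > room) return -1;            /* label + '.' + final NUL */
        for (size_t i = 0; i < lb; i++) put(b, msg[pos + i]);
        put(b, '.');
        pos += lb;
    }
    if (pos >= n) return -1;                     /* terminating zero byte missing */
    put(b, '\0');                                /* final terminator */
    return 0;
}

/* Constructed input: two 7-byte labels, 17 bytes once unpacked. */
static const uint8_t SAMPLE[] = { 7,'e','x','a','m','p','l','e', 7,'i','n','v','a','l','i','d', 0 };

static size_t oob_writes(int recheck, int *rc)
{
    struct outbuf b = { {0}, 0, 0 };
    *rc = unpack_name(SAMPLE, sizeof SAMPLE, &b, recheck);
    return b.oob;
}

int main(void)
{
    int r0, r1;
    size_t o0 = oob_writes(0, &r0), o1 = oob_writes(1, &r1);
    printf("cached: rc=%d oob=%zu | refreshed: rc=%d oob=%zu\n", r0, o0, r1, o1);
    return 0;
}
```

With the cached bound, both labels pass the check and the terminator is the single byte that lands past the end; with the refreshed bound, the second label is rejected before anything is written.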

Exploit

RCE

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2026-1678
GHSA-536F-H63G-HJ42

Affected Products

Dns Unpack Name