PT-2026-46386 · Unknown · Network Sockets Subsystem

Pdgendt · Published 2026-06-04 · Updated 2026-06-04 · CVE-2026-5066

CVSS v3.1: 6.3 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Network sockets subsystem (affected versions not specified)

Description

An out-of-bounds write and read issue exists in the TLS socket connect path within the network sockets subsystem, specifically in the subsys/net/lib/sockets/sockets_tls.c file. When the TLS session cache is enabled, the functions tls_session_store() and tls_session_restore() use memcpy to copy a caller-supplied address into a fixed-size buffer. Because the addrlen value is controlled by the caller and not validated against the destination size, an application can provide an addrlen larger than the struct net_sockaddr size. This allows the operation to read and write past the end of the address memory used by the TLS session cache, which can result in a system crash, denial of service, or potential arbitrary code execution.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
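
The missing length check from the description, as an added C example that is not code from the affected project: every `demo_*` name and the 28-byte address struct are hypothetical stand-ins. It places the unchecked copy next to a bounded copy that rejects an `addrlen` larger than the destination before any byte is read or written.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
/* Hypothetical stand-ins for the address type and a session cache entry. */
struct demo_sockaddr { unsigned short family; unsigned char data[26]; };
struct demo_cache_entry { struct demo_sockaddr peer; int valid; };

/* Pattern from the description: the caller's addrlen is trusted, so a value
 * above sizeof(e->peer) copies past both buffers. Shown only, never called. */
void demo_store_unchecked(struct demo_cache_entry *e, const void *addr, size_t addrlen)
{
    memcpy(&e->peer, addr, addrlen);
    e->valid = 1;
}

/* Bounded copy shared by the store and restore paths. */
int demo_addr_copy(struct demo_sockaddr *dst, const void *src, size_t addrlen)
{
    if (dst == NULL || src == NULL || addrlen == 0 || addrlen > sizeof(*dst)) {
        return -EINVAL;
    }
    memset(dst, 0, sizeof(*dst)); /* zero the tail so short addresses compare cleanly */
    memcpy(dst, src, addrlen);
    return 0;
}

int demo_store(struct demo_cache_entry *e, const void *addr, size_t addrlen)
{
    int ret = demo_addr_copy(&e->peer, addr, addrlen);
    e->valid = (ret == 0); /* a rejected store leaves no usable entry */
    return ret;
}

/* Returns 1 on a cache hit, 0 on a miss, -EINVAL for an unusable length. */
int demo_restore_match(const struct demo_cache_entry *e, const void *addr, size_t addrlen)
{
    struct demo_sockaddr key;
    if (demo_addr_copy(&key, addr, addrlen) != 0) {
        return -EINVAL;
    }
    return e->valid && memcmp(&key, &e->peer, sizeof(key)) == 0;
}

int main(void)
{
    struct demo_cache_entry e = {0};
    unsigned char oversized[64] = {0}; /* constructed input, longer than the entry */
    return demo_store(&e, oversized, sizeof(oversized)) == -EINVAL ? 0 : 1;
}
```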

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2026-5066

Affected Products

Network Sockets Subsystem