PT-2026-52403 · Silicon · Ember Znet

Published

2026-06-25

Updated

2026-06-25

CVE-2026-47150

CVSS v4.0

7.1

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the IAS Zone cluster may be impacted.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2026-47150

Affected Products

Ember Znet

PT-2026-52403 · Silicon · Ember Znet

CVE-2026-47150

Weakness Enumeration

Related Identifiers

Affected Products

References · 3