Vulnerability Details CVE-2026-5066
A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_store() and tls_session_restore() memcpy the caller-supplied address into a fixed-size buffer using the caller-controlled addrlen value without validating it against the destination size. struct net_sockaddr is an opaque type, so an application can pass an addrlen larger than sizeof(struct net_sockaddr) (for example 128 bytes into a 24-byte stack buffer), causing the memcpy to read and write past the end of the address memory used by the TLS session cache. This out-of-bounds write can lead to a crash and denial of service, and potentially to arbitrary code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 23.9%
CVSS Severity
CVSS v3 Score 6.3
Products affected by CVE-2026-5066
-
cpe:2.3:o:zephyrproject:zephyr:-
-
cpe:2.3:o:zephyrproject:zephyr:1.0.0
-
cpe:2.3:o:zephyrproject:zephyr:1.1.0
-
cpe:2.3:o:zephyrproject:zephyr:1.10.0
-
cpe:2.3:o:zephyrproject:zephyr:1.11.0
-
cpe:2.3:o:zephyrproject:zephyr:1.12.0
-
cpe:2.3:o:zephyrproject:zephyr:1.13.0
-
cpe:2.3:o:zephyrproject:zephyr:1.14.0
-
cpe:2.3:o:zephyrproject:zephyr:1.14.1
-
cpe:2.3:o:zephyrproject:zephyr:1.14.2
-
cpe:2.3:o:zephyrproject:zephyr:1.14.3
-
cpe:2.3:o:zephyrproject:zephyr:1.2.0
-
cpe:2.3:o:zephyrproject:zephyr:1.3.0
-
cpe:2.3:o:zephyrproject:zephyr:1.4.0
-
cpe:2.3:o:zephyrproject:zephyr:1.5.0
-
cpe:2.3:o:zephyrproject:zephyr:1.6.0
-
cpe:2.3:o:zephyrproject:zephyr:1.6.1
-
cpe:2.3:o:zephyrproject:zephyr:1.6.99
-
cpe:2.3:o:zephyrproject:zephyr:1.7.0
-
cpe:2.3:o:zephyrproject:zephyr:1.7.1
-
cpe:2.3:o:zephyrproject:zephyr:1.7.99
-
cpe:2.3:o:zephyrproject:zephyr:1.8.0
-
cpe:2.3:o:zephyrproject:zephyr:1.8.99
-
cpe:2.3:o:zephyrproject:zephyr:1.9.0
-
cpe:2.3:o:zephyrproject:zephyr:1.9.1
-
cpe:2.3:o:zephyrproject:zephyr:1.9.2
-
cpe:2.3:o:zephyrproject:zephyr:2.0.0
-
cpe:2.3:o:zephyrproject:zephyr:2.1.0
-
cpe:2.3:o:zephyrproject:zephyr:2.2.0
-
cpe:2.3:o:zephyrproject:zephyr:2.3.0
-
cpe:2.3:o:zephyrproject:zephyr:2.4.0
-
cpe:2.3:o:zephyrproject:zephyr:2.5.0
-
cpe:2.3:o:zephyrproject:zephyr:2.5.1
-
cpe:2.3:o:zephyrproject:zephyr:2.6.0
-
cpe:2.3:o:zephyrproject:zephyr:2.6.1
-
cpe:2.3:o:zephyrproject:zephyr:2.7.0
-
cpe:2.3:o:zephyrproject:zephyr:2.79.0
-
cpe:2.3:o:zephyrproject:zephyr:2.8.0
-
cpe:2.3:o:zephyrproject:zephyr:2.81.0
-
cpe:2.3:o:zephyrproject:zephyr:2.82.0
-
cpe:2.3:o:zephyrproject:zephyr:2.83.0
-
cpe:2.3:o:zephyrproject:zephyr:2.84.0
-
cpe:2.3:o:zephyrproject:zephyr:2.85.0
-
cpe:2.3:o:zephyrproject:zephyr:2.86.0
-
cpe:2.3:o:zephyrproject:zephyr:2.87.0
-
cpe:2.3:o:zephyrproject:zephyr:2.88.0
-
cpe:2.3:o:zephyrproject:zephyr:2.89.0
-
cpe:2.3:o:zephyrproject:zephyr:2.90.0
-
cpe:2.3:o:zephyrproject:zephyr:2.91.0
-
cpe:2.3:o:zephyrproject:zephyr:2.92.0
-
cpe:2.3:o:zephyrproject:zephyr:2.93.0
-
cpe:2.3:o:zephyrproject:zephyr:2.94.0
-
cpe:2.3:o:zephyrproject:zephyr:2.95.0
-
cpe:2.3:o:zephyrproject:zephyr:3.0.0
-
cpe:2.3:o:zephyrproject:zephyr:3.0.1
-
cpe:2.3:o:zephyrproject:zephyr:3.1.0
-
cpe:2.3:o:zephyrproject:zephyr:3.2.0
-
cpe:2.3:o:zephyrproject:zephyr:3.2.01
-
cpe:2.3:o:zephyrproject:zephyr:3.2.1
-
cpe:2.3:o:zephyrproject:zephyr:3.2.31
-
cpe:2.3:o:zephyrproject:zephyr:3.2.40
-
cpe:2.3:o:zephyrproject:zephyr:3.2.41
-
cpe:2.3:o:zephyrproject:zephyr:3.3.0
-
cpe:2.3:o:zephyrproject:zephyr:3.4.0
-
cpe:2.3:o:zephyrproject:zephyr:3.5.0
-
cpe:2.3:o:zephyrproject:zephyr:3.6.0
-
cpe:2.3:o:zephyrproject:zephyr:3.7.0
-
cpe:2.3:o:zephyrproject:zephyr:3.7.1
-
cpe:2.3:o:zephyrproject:zephyr:3.7.2
-
cpe:2.3:o:zephyrproject:zephyr:4.0.0
-
cpe:2.3:o:zephyrproject:zephyr:4.1.0
-
cpe:2.3:o:zephyrproject:zephyr:4.2.0
-
cpe:2.3:o:zephyrproject:zephyr:4.2.1
-
cpe:2.3:o:zephyrproject:zephyr:4.3.0