MEDIUM
zephyrproject
CVE published 2026-06-15
CVE-2026-10634
CVE-2026-10634 is a medium-severity vulnerability in Zephyr's native TCP stack. The vulnerability occurs in the `net_tcp_foreach()` function, which iterates over the global connection list. The function releases the `tcp_lock` while invoking a per-connection callback and re-acquires it afterwards. During this window, a concurrent `tcp_conn_release()` can remove and free the cached next connection, leading [truncated]