PatchSiren cyber security CVE debrief
CVE-2026-13351 zephyrproject-rtos CVE debrief
CVE-2026-13351 is a high-severity vulnerability in Zephyr's IPv6 network stack. By sending a small number of maliciously fragmented IPv6 packets, an attacker can prevent the device from receiving or processing future incoming packets, resulting in a denial of service. The vulnerability has a CVSS score of 7.5 and is classified as HIGH. Organizations using Zephyr-based devices or systems that rely on IPv6 network stack should be aware of this vulnerability and take necessary actions to mitigate the risk. The vulnerability's exploitation can lead to a significant impact on network operations, emphasizing the need for prompt mitigation.
- Vendor
- zephyrproject-rtos
- Product
- Zephyr
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-25
- Original CVE updated
- 2026-07-06
- Advisory published
- 2026-06-25
- Advisory updated
- 2026-07-06
Who should care
Organizations using Zephyr-based devices or systems that rely on IPv6 network stack should be aware of this vulnerability and take necessary actions to mitigate the risk. This includes operators managing Zephyr-based systems, platform administrators, vulnerability management teams, and security teams responsible for ensuring the security and integrity of network operations. The potential impact on network availability and security necessitates attention from these groups to prevent exploitation.
Technical summary
The vulnerability is caused by the improper handling of fragmented IPv6 packets in the Zephyr IPv6 network stack. When a malicious packet is handled by the fragment-header processing path, the associated RX network packet buffer is not released back to the pool. Repeating the malicious packet exhausts all RX buffer slots, causing the device to stop receiving traffic. This results in a denial of service, with a CVSS score of 7.5 and classified as HIGH. The issue arises from the Zephyr IPv6 network stack's inability to properly manage and release RX buffer slots when handling maliciously fragmented IPv6 packets.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability
- Implement network traffic monitoring to detect and block suspicious IPv6 packets
- Limit access to the affected systems or devices
- Conduct regular security audits and vulnerability assessments
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
Evidence notes
The vulnerability is documented in the CVE record and NVD detail pages. The vendor has provided a security advisory and patch for the vulnerability. Evidence is limited to CVE and NVD records, with defensive verification tasks recommended. The CVE record was published on 2026-06-25T17:16:38.460Z and has not been modified since then. The NVD entry is currently Analyzed. The vulnerability's impact and mitigation are detailed in the vendor's security advisory.
Official resources
-
CVE-2026-13351 CVE record
CVE.org
-
CVE-2026-13351 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Exploit, Patch, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-25T17:16:38.460Z and has not been modified since then. The NVD entry is currently Analyzed.