PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-13351 zephyrproject-rtos CVE debrief

CVE-2026-13351 is a high-severity vulnerability in Zephyr's IPv6 network stack. By sending a small number of maliciously fragmented IPv6 packets, an attacker can prevent the device from receiving or processing future incoming packets, resulting in a denial of service. The vulnerability has a CVSS score of 7.5 and is classified as HIGH. Organizations using Zephyr-based devices or systems that rely on IPv6 network stack should be aware of this vulnerability and take necessary actions to mitigate the risk. The vulnerability's exploitation can lead to a significant impact on network operations, emphasizing the need for prompt mitigation.

Vendor
zephyrproject-rtos
Product
Zephyr
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-25
Original CVE updated
2026-07-06
Advisory published
2026-06-25
Advisory updated
2026-07-06

Who should care

Organizations using Zephyr-based devices or systems that rely on IPv6 network stack should be aware of this vulnerability and take necessary actions to mitigate the risk. This includes operators managing Zephyr-based systems, platform administrators, vulnerability management teams, and security teams responsible for ensuring the security and integrity of network operations. The potential impact on network availability and security necessitates attention from these groups to prevent exploitation.

Technical summary

The vulnerability is caused by the improper handling of fragmented IPv6 packets in the Zephyr IPv6 network stack. When a malicious packet is handled by the fragment-header processing path, the associated RX network packet buffer is not released back to the pool. Repeating the malicious packet exhausts all RX buffer slots, causing the device to stop receiving traffic. This results in a denial of service, with a CVSS score of 7.5 and classified as HIGH. The issue arises from the Zephyr IPv6 network stack's inability to properly manage and release RX buffer slots when handling maliciously fragmented IPv6 packets.

Defensive priority

High

Recommended defensive actions

  • Apply patches or updates provided by the vendor to fix the vulnerability
  • Implement network traffic monitoring to detect and block suspicious IPv6 packets
  • Limit access to the affected systems or devices
  • Conduct regular security audits and vulnerability assessments
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance

Evidence notes

The vulnerability is documented in the CVE record and NVD detail pages. The vendor has provided a security advisory and patch for the vulnerability. Evidence is limited to CVE and NVD records, with defensive verification tasks recommended. The CVE record was published on 2026-06-25T17:16:38.460Z and has not been modified since then. The NVD entry is currently Analyzed. The vulnerability's impact and mitigation are detailed in the vendor's security advisory.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-25T17:16:38.460Z and has not been modified since then. The NVD entry is currently Analyzed.