PatchSiren cyber security CVE debrief
CVE-2026-5066 zephyrproject-rtos CVE debrief
CVE-2026-5066 is a potential out-of-bounds write/read vulnerability in the TLS socket connect path of the network sockets subsystem. The vulnerability occurs when the TLS session cache is enabled, and the tls_session_store() and tls_session_restore() functions memcpy the caller-supplied address into a fixed-size buffer using the caller-controlled addrlen value without validating it against the destination size. This can lead to a crash and denial of service, and potentially to arbitrary code execution.
- Vendor
- zephyrproject-rtos
- Product
- Zephyr
- CVSS
- MEDIUM 6.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-05
Who should care
Developers and users of the Zephyr RTOS, as well as anyone using the affected network sockets subsystem.
Technical summary
The vulnerability is caused by a lack of validation of the addrlen value against the destination size in the tls_session_store() and tls_session_restore() functions. This allows an attacker to pass an addrlen larger than sizeof(struct net_sockaddr), causing the memcpy to read and write past the end of the address memory used by the TLS session cache.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Disable the TLS session cache if not required.
- Validate user input to prevent passing an addrlen larger than sizeof(struct net_sockaddr).
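As an added illustration of the defect class described in the technical summary and of the length validation the last action calls for (example code, not Zephyr's; the struct layout, the 28-byte address size and the function names are hypothetical), the following C snippet places an unchecked store next to a bounded store/restore pair:

```c
/* Illustrative session-cache store/restore. Hypothetical layout, not Zephyr's. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ADDR_STORAGE_SIZE 28u   /* stands in for sizeof(struct net_sockaddr) */

struct cached_session {
    uint8_t addr[ADDR_STORAGE_SIZE]; /* fixed-size destination */
    size_t  addrlen;                 /* bytes actually stored */
};

/* Vulnerable pattern, for contrast only: addrlen comes from the caller and is
 * never compared with sizeof(s->addr), so a larger value copies past the end. */
int session_store_unchecked(struct cached_session *s, const void *addr, size_t addrlen)
{
    memcpy(s->addr, addr, addrlen);
    s->addrlen = addrlen;
    return 0;
}

/* Hardened store: reject before touching memory; the cache stays unchanged. */
int session_store(struct cached_session *s, const void *addr, size_t addrlen)
{
    if (addr == NULL || addrlen == 0 || addrlen > sizeof(s->addr)) {
        return -EINVAL;
    }
    memcpy(s->addr, addr, addrlen);
    s->addrlen = addrlen;
    return 0;
}

/* Hardened restore: the caller's buffer length is an in/out parameter and the
 * stored length is re-checked, so a corrupted entry cannot drive an overread. */
int session_restore(const struct cached_session *s, void *addr, size_t *addrlen)
{
    if (s->addrlen == 0 || s->addrlen > sizeof(s->addr)) {
        return -ENOENT;
    }
    if (addr == NULL || addrlen == NULL || *addrlen < s->addrlen) {
        return -EINVAL;
    }
    memcpy(addr, s->addr, s->addrlen);
    *addrlen = s->addrlen;
    return 0;
}
```

Calling session_store with a 64-byte length on this layout returns -EINVAL and leaves the entry intact; the unchecked variant would write 36 bytes past the buffer.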
Evidence notes
The vulnerability was reported by [email protected] and is tracked under GHSA-wgrc-jrf6-24f3.
Official resources
- CVE-2026-5066 CVE record (CVE.org)
- CVE-2026-5066 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference
CVE-2026-5066 was published on 2026-06-04T21:16:30.907Z and modified on 2026-06-05T19:16:34.743Z.