CVE Catalog

CVE-2026-47149

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These issues occur only in devices that have already joined the network.

Risk Assessment

The organization may face process failures related to door lock handling, potentially leading to service interruptions. The lack of information leakage back to the sender reduces risk, but the issue may impact service availability.

Recommendation

It is recommended to update to the latest version of EmberZNet to mitigate the risk associated with this vulnerability. Additionally, monitoring devices supporting the Door Lock cluster is advised.

Original NVD description (English source)

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Door Lock cluster may be impacted.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS